Version: 🚧 Canary

🔐 Authentication Blocks

Authentication blocks provide comprehensive functionality for user authentication and authorization in Nodeblocks applications. These blocks handle authentication flows including OAuth, email/password, email verification, multi-factor authentication (MFA), one-time tokens, and session management.


🎯 Overview

Authentication blocks are designed to:

  • Support multiple authentication methods (OAuth, email/password, one-time tokens)
  • Handle email verification and confirmation workflows
  • Manage user sessions and security tokens
  • Provide secure authentication with device fingerprinting
  • Enable flexible registration with various validation options
  • Support multi-factor authentication (MFA) with code generation and verification

📦 Block Types

🔍 Schemas

JSON Schema definitions for authentication data validation:

  • providerSchema: OAuth provider authentication
  • credentialsSchema: Email/password authentication
  • identitySchema: Flexible authentication with multiple methods
  • loginWithCredentialsSchema: Login validation with fingerprinting
  • resendMfaCodeSchema: MFA code resend validation
  • verifyMfaCodeSchema: MFA code verification validation
  • registerCredentialsSchema: User registration validation
  • sendVerificationEmailSchema: Email verification requests
  • confirmEmailSchema: Email confirmation with tokens
  • changeEmailSchema: Email change validation
  • checkTokenSchema: Token validation with target context
  • confirmNewEmailSchema: New email confirmation validation
  • sendResetPasswordLinkEmailSchema: Password reset email validation
  • passwordSchema: Password field validation (length/pattern)
  • changePasswordSchema: Change password validation
  • completePasswordResetSchema: Reset password completion validation
  • activateSchema: Account activation validation
  • deactivateSchema: Account deactivation validation
  • loginWithOnetimeTokenSchema: One-time token login validation
  • refreshTokenSchema: Refresh token validation
  • deleteRefreshTokensSchema: Refresh token deletion validation

View Authentication Schemas →

⚙️ Handlers

Core business logic for authentication operations:

  • loginWithCredentials: User authentication with credentials
  • createAccessToken: Access token generation
  • createRefreshToken: Refresh token generation
  • setResponseCookie: Sets auth cookies in response
  • logout: Session termination and cleanup
  • registerCredentials: User account creation
  • sendVerificationEmail: Email verification sending
  • confirmEmail: Email confirmation processing
  • buildCheckConfirmEmailTokenPayload: Prepares check token payload for confirm-email
  • checkToken: Token validation processing
  • refreshToken: Access token refresh using refresh token with enhanced security
  • deleteToken: Token deletion (admin)
  • loginWithOnetimeToken: Authenticate with OTT
  • generateOnetimeToken: Generate OTT (admin)
  • restoreOnetimeToken: Restore OTT (admin)
  • invalidateOnetimeToken: Invalidate OTT (admin)
  • loginTerminator: Formats login response
  • logoutTerminator: Formats logout response
  • registerTerminator: Formats registration response
  • confirmEmailTerminator: Formats email confirmation response
  • sendVerificationEmailTerminator: Formats verification email response

View Authentication Handlers →

🛣️ Routes

HTTP endpoint definitions for authentication operations:

  • loginWithCredentialsRoute: POST /auth/login with authentication handler
  • resendMfaCodeRoute: POST /auth/mfa/resend with MFA code regeneration
  • verifyMfaCodeRoute: POST /auth/mfa/verify with MFA code verification
  • logoutRoute: POST /auth/logout with session termination
  • refreshTokenRoute: POST /auth/token/refresh with access token refresh
  • registerCredentialsRoute: POST /auth/register with account creation
  • sendVerificationEmailRoute: POST /auth/:identityId/send-verification-email with email sending
  • confirmEmailRoute: POST /auth/confirm-email with token processing
  • changeEmailRoute: PATCH /auth/:identityId/change-email with email update processing
  • checkTokenRoute: POST /auth/token/check with token validation handler
  • deleteRefreshTokensRoute: DELETE /auth/:identityId/refresh-tokens with authentication and access validation
  • loginWithOnetimeTokenRoute: POST /auth/ott/login with OTT authentication
  • generateOnetimeTokenRoute: POST /auth/ott/generate with OTT generation (admin)
  • restoreOnetimeTokenRoute: POST /auth/ott/restore with OTT restore (admin)
  • invalidateOnetimeTokenRoute: POST /auth/ott/invalidate with OTT invalidation (admin)
  • confirmNewEmailRoute: POST /auth/confirm-new-email with new email verification
  • sendResetPasswordLinkEmailRoute: POST /auth/send-reset-password-link-email with password reset email sending
  • changePasswordRoute: PATCH /auth/:identityId/change-password with password update processing
  • activateRoute: POST /auth/activate with account activation processing
  • deactivateRoute: POST /auth/deactivate with account deactivation processing
  • completePasswordResetRoute: POST /auth/reset-password with password update

View Authentication Routes →

🚀 Features

Complete authentication management features combining schemas, routes, and handlers:

  • loginWithCredentialsFeature: User authentication with validated credentials and secure logout
  • verifyMfaCodeFeature: Multi-factor authentication code verification workflow
  • resendMfaCodeFeature: MFA code regeneration for users needing new verification codes
  • loginWithOnetimeTokenFeature: Passwordless authentication using one-time tokens
  • registerCredentialsFeature: User registration with credential validation and account creation
  • emailVerificationFeature: Email verification request processing with device security
  • confirmEmailFeature: Email confirmation token validation and account verification
  • changeEmailFeature: Email change initiation with validation
  • checkTokenFeature: Token validation with target context
  • confirmNewEmailFeature: New email confirmation after email change
  • sendResetPasswordLinkEmailFeature: Password reset email generation and sending
  • changePasswordFeature: Password change with validation and hashing
  • activateFeature: Account activation workflow
  • deactivateFeature: Account deactivation workflow
  • completePasswordResetFeature: Password reset completion workflow
  • refreshTokenFeature: Token refresh feature with schema validation and routing for renewing access tokens
  • deleteRefreshTokensFeature: Refresh token deletion feature with schema validation and routing for removing identity refresh tokens

View Authentication Features →

Validators

Validation functions for authentication operations:

  • isAuthenticated: Validates authentication using configured authenticator
  • verifyAuthentication: Validates authentication using provided authenticator function (deprecated)

View Authentication Validators →

🔧 Blocks

Pure business logic functions for authentication operations:

  • Identity Management: User validation and email operations
  • Token Management: Secure token lifecycle management
  • Email Authentication: Verification and communication functionality
  • Security Validation: Fingerprint tracking and request validation
  • Multi-Factor Authentication (MFA): MFA code generation, verification, and error handling
  • MFA Error Classes: Specialized error handling for MFA operations
  • MFA Constants: Configuration constants for MFA functionality

View Authentication Blocks →