Auth Steps
Steps for JWT tokens, password hashing, and API key generation.
Auth Steps
Auth steps provide common authentication and authorization operations -- creating tokens, hashing passwords, and generating API keys.
Sign JWT
Creates a JSON Web Token with a payload and signing secret.
Payload: { userId: vars.user.id, role: vars.user.role }
Secret: env.JWT_SECRET
Expires In: 7d
Assign To: token
Verify JWT
Verifies a JWT and extracts its payload. Throws an error if the token is invalid or expired.
Token: headers.authorization | split(' ') | last
Secret: env.JWT_SECRET
Assign To: decoded
Wrap Verify JWT in a Try/Catch step to handle invalid or expired tokens gracefully and return a 401 response.
Hash Password
Hashes a plaintext password using bcrypt for secure storage.
Password: input.password Salt Rounds: 12 Assign To: hashedPassword
Verify Password
Compares a plaintext password against a bcrypt hash. Returns true if they match, false otherwise.
Password: input.password Hash: vars.user.password_digest Assign To: isValid
Generate API Key
Generates a cryptographically secure random API key string.
Prefix: sk_live_ Length: 48 Assign To: apiKey
The data to encode in the token (e.g., user ID, role). The signing secret. Use `env.JWT_SECRET` for environment variables. Token expiration duration (e.g., `1h`, `7d`, `30m`). Defaults to `1h`. Signing algorithm: `HS256`, `HS384`, `HS512`. Defaults to `HS256`. Variable name to store the generated token string. The JWT string to verify. The signing secret used to create the token. Variable name to store the decoded payload. The plaintext password to hash. Number of bcrypt salt rounds. Defaults to 10. Variable name to store the hashed password. The plaintext password to verify. The bcrypt hash to compare against. Variable name to store the boolean result. Length of the generated key in characters. Defaults to 32. Optional prefix for the key (e.g., `sk_live_`). Variable name to store the generated key. Steps Reference /reference/steps Browse all step categories Add User Authentication /guides/user-auth Step-by-step auth guide Crypto Steps /reference/steps/crypto Encryption and hashing steps