Auth Steps

Steps for JWT tokens, password hashing, and API key generation.

Auth Steps

Auth steps provide common authentication and authorization operations -- creating tokens, hashing passwords, and generating API keys.

Sign JWT

Creates a JSON Web Token with a payload and signing secret.

Payload: { userId: vars.user.id, role: vars.user.role }
Secret: env.JWT_SECRET
Expires In: 7d
Assign To: token

Verify JWT

Verifies a JWT and extracts its payload. Throws an error if the token is invalid or expired.

Token: headers.authorization | split(' ') | last
Secret: env.JWT_SECRET
Assign To: decoded

Wrap Verify JWT in a Try/Catch step to handle invalid or expired tokens gracefully and return a 401 response.

Hash Password

Hashes a plaintext password using bcrypt for secure storage.

Password: input.password
Salt Rounds: 12
Assign To: hashedPassword

Verify Password

Compares a plaintext password against a bcrypt hash. Returns true if they match, false otherwise.

Password: input.password
Hash: vars.user.password_digest
Assign To: isValid

Generate API Key

Generates a cryptographically secure random API key string.

Prefix: sk_live_
Length: 48
Assign To: apiKey
The data to encode in the token (e.g., user ID, role).
The signing secret. Use `env.JWT_SECRET` for environment variables.
Token expiration duration (e.g., `1h`, `7d`, `30m`). Defaults to `1h`.
Signing algorithm: `HS256`, `HS384`, `HS512`. Defaults to `HS256`.
Variable name to store the generated token string.
The JWT string to verify.
The signing secret used to create the token.
Variable name to store the decoded payload.
The plaintext password to hash.
Number of bcrypt salt rounds. Defaults to 10.
Variable name to store the hashed password.
The plaintext password to verify.
The bcrypt hash to compare against.
Variable name to store the boolean result.
Length of the generated key in characters. Defaults to 32.
Optional prefix for the key (e.g., `sk_live_`).
Variable name to store the generated key.
Steps Reference
/reference/steps
Browse all step categories
Add User Authentication
/guides/user-auth
Step-by-step auth guide
Crypto Steps
/reference/steps/crypto
Encryption and hashing steps