Skip to content
Pulsabase

Email & Password

Pulsabase Auth provides native support for email and password authentication, complete with secure bcrypt password hashing, automatic token management, MFA, password resets, and email verification.

Auth Lifecycle

Section titled “Auth Lifecycle”

Sign Up

Section titled “Sign Up”

Register a new user. On success, the session tokens are automatically stored and the user is immediately signed in.

If your project requires email verification, a confirmation email is automatically sent.

import pb from './pulsabase';


const { user_id, access_token } = await pb.auth.signUpWithPassword(
  'user@example.com',
  'StrongPassword123!',
  {
    given_name: 'John',
    family_name: 'Doe',
    // Optional: store arbitrary metadata
    user_metadata: { plan: 'free', referral: 'homepage' },
  }
);

Sign In

Section titled “Sign In”

Authenticate an existing user. On success, the SDK automatically stores the session tokens and schedules silent refreshes.

const session = await pb.auth.signInWithPassword(
  'user@example.com',
  'StrongPassword123!'
);


// Handle MFA if enabled for this account
if ('mfa_required' in session) {
  const mfaCode = await promptUserForCode();
  await pb.auth.signInWithPassword(
    'user@example.com',
    'StrongPassword123!',
    mfaCode   // 6-digit TOTP code
  );
}

Sign Out

Section titled “Sign Out”

Sign the user out and clear the local session. All SDK requests will become unauthenticated after this call.

await pb.auth.signOut();

Password Resets

Section titled “Password Resets”

A two-step flow for users who have forgotten their password.

Step 1 — Request Reset

Section titled “Step 1 — Request Reset”

Sends an email to the user with a reset link. You configure the link’s destination URL in Dashboard → Settings → Email Templates.

await pb.auth.resetPassword('user@example.com');
// No error is thrown even if the email doesn't exist (security best practice)

Step 2 — Confirm Reset

Section titled “Step 2 — Confirm Reset”

When the user clicks the link in their email, extract the token from the URL parameters and call confirmResetPassword.

// On your /reset-password route: ?token=XYZ
const urlParams = new URLSearchParams(window.location.search);
const token = urlParams.get('token');


await pb.auth.confirmResetPassword(token, 'NewStrongPassword123!');

Updating Password (Authenticated)

Section titled “Updating Password (Authenticated)”

If a user is already signed in and wants to change their password, they must provide their current password for security verification.

await pb.auth.updatePassword('CurrentPassword123!', 'NewPassword456!');

Email Verification

Section titled “Email Verification”

If your project requires email verification, users receive a verification email upon registration. You can also re-request the verification email.

Request Verification Email

Section titled “Request Verification Email”
// Requires the user to be signed in
await pb.auth.requestEmailVerification();

Confirm Email Verification

Section titled “Confirm Email Verification”
// token comes from the link in the verification email
await pb.auth.confirmEmailVerification('token_from_email');

Multi-Factor Authentication (MFA)

Section titled “Multi-Factor Authentication (MFA)”

Pulsabase supports TOTP-based MFA (compatible with Google Authenticator, Authy, etc.).

Enroll

Section titled “Enroll”
const { qr_code_url, recovery_codes } = await pb.auth.mfa.enroll();


// Display qr_code_url to the user for scanning
// Store recovery_codes securely — shown only once!

Verify (Activate MFA)

Section titled “Verify (Activate MFA)”
await pb.auth.mfa.verify('123456'); // 6-digit code from the authenticator app

Disable MFA

Section titled “Disable MFA”
await pb.auth.mfa.disable();