Authentication
#
Log inTo log in to a user, you can call the authenticate
mutation:
note
Whilst the refreshToken
is available in the mutation response, this is mainly intended for use in environments where cookies aren't available (i.e. mobile applications). An HttpOnly
refresh token cookie is automatically sent with all authentication mutation responses.
#
RegisterTo register a user, you can call the register
mutation:
note
If you have Permission Type
set to Multiple Schemas
in your plugin settings, you will have a register
mutation for each user group that has registrations enabled (e.g. registerUser
and registerBusiness
).
#
Refresh JWTTo refresh a user's JWT, you can call the refreshToken
mutation:
note
Whilst this mutation accepts a refreshToken
argument, browser requests will automatically use the refresh token cookie. The argument is mainly intended for use in mobile applications.
note
Refresh tokens are consumed when generating a new JWT. A new refresh token is included in the mutation response, and also sent as an HttpOnly
cookie.
#
Log out#
Log out of current deviceTo delete the current token, you can call the deleteCurrentToken
mutation:
#
Log out of all devicesTo delete all tokens associated with a user, you can call the deleteAllTokens
mutation:
#
Forgotten PasswordTo send a password reset email to a user, you can call the forgottenPassword
mutation:
#
Set PasswordTo set a user's password following a password reset email, you can call the setPassword
mutation: