SurrealDB Docs Logo

Enter a search query

Handle authentication

Since SurrealDB is a database that is designed to be used in a distributed environment, it is important to secure the database and the data that is stored in it. SurrealDB provides a number of methods for authenticating users and securing the database.

In your SurrealDB database, you can create authentication login using the DEFINE ACCESS statement which supports JWT and Record Access methods.

The access method used will inform the input for access in the .signup() and .signin() methods.

Important

If you are not on Version v2.1.4 of SurrealDB, you will use the scope property instead of access.

MethodDescription
db.signup()Connects to a local or remote database endpoint
db.signin()Signs in to a root, namespace, database or scope user
db.invalidate()Invalidates the current session
db.authenticate()Authenticates a user with a token

Defining access in your application

The JavaScript SDK has a .query() method which allows you to write secure SurrealQL statements from within your application. Using this method, you can define access for your users and securely manage authentication. See the code example below:

... // Assign the variable on the connection const authentication = await db.query( " DEFINE ACCESS account ON DATABASE TYPE RECORD SIGNUP ( CREATE user SET email = $email, pass = crypto::argon2::generate($pass) ) SIGNIN ( SELECT * FROM user WHERE email = $email AND crypto::argon2::compare(pass, $pass) ) DURATION FOR TOKEN 15m, FOR SESSION 12h; " ); ...
Note

Depending on the connection protocol you choose, authentication tokens and sessions lifetime work differently. Refer to the connection options documentation for more information.

User authentication

After you have defined your authentication login, you can use the following methods to authenticate users:

.signup()

Signs up to a specific authentication scope / access method.

Method Syntax
async db.signup({`{ namespace, database, [ scope | access ], [...] }`})

Arguments

ArgumentsDescription
namespace required

The namespace to sign up to

database required

The database to sign up to

access required

The access to sign up to. Also pass any variables used in the access under the variables key. Only supported from SurrealDB 2.x onwards

variables optional

The variables to pass to the access definition

Example usage

// With Record Access const token = await db.signup({ namespace: 'surrealdb', database: 'docs', access: 'account', // Also pass any properties required by the access definition variables: { email: 'info@surrealdb.com', pass: '123456', }, });

.signin()

Signs in to a root, namespace, database or scope user.

Method Syntax
async db.signin({`{ ... }`})

Arguments

PropertiesDescription
username REQUIRED FOR ROOT, NAMESPACE & DATABASE

The username of the database user

password REQUIRED FOR ROOT, NAMESPACE & DATABASE

The password of the database user

namespace REQUIRED FOR DATABASE & ACCESS

The namespace to sign in to

database REQUIRED FOR ACCESS

The database to sign in to

access

The access to sign in to. Also pass any variables used in the access under the variables key. Only supported from SurrealDB 2.x onwards

Example usage

// Authenticate with a root user const token = await db.signin({ username: 'root', password: 'surrealdb', });

.invalidate()

Invalidates the authentication for the current connection.

Method Syntax
async db.invalidate()

Example usage

await db.invalidate();

.authenticate()

Authenticates the current connection with a JWT token.

Method Syntax
async db.authenticate(token)

Arguments

ArgumentsDescription
token required

The JWT authentication token.

Example usage

await db.authenticate('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTdXJyZWFsREIiLCJpYXQiOjE1MTYyMzkwMjIsIm5iZiI6MTUxNjIzOTAyMiwiZXhwIjoxODM2NDM5MDIyLCJOUyI6InRlc3QiLCJEQiI6InRlc3QiLCJTQyI6InVzZXIiLCJJRCI6InVzZXI6dG9iaWUifQ.N22Gp9ze0rdR06McGj1G-h2vu6a6n9IVqUbMFJlOxxA');

Learn more

Learn more about authentication in SurrealDB in our security best practices documentation and in the security section of the SurrealDB documentation.

© SurrealDB GitHub Discord Community Cloud Features Releases Install