Xano - Authentication

In this guide, we'll explore how Xano handles authentication, allowing you to securely manage user access to your applications. Xano's flexible approach enables you to authenticate users against a single table or even multiple tables, giving you complete control over your authentication process.

Step 1: Enable Authentication for Your Database Table

The first step in setting up authentication is to enable it for the desired database table. Here's how you can do it:

1. Navigate to your database table (e.g., the "user" table) in the Xano interface.
2. Click on the three-dot menu in the top-right corner and select "Settings."
3. In the settings window, you'll find the "Authentication" option. Make sure it's enabled for the table you want to use for authentication purposes.
4. Click "Save" to apply the changes.

By enabling authentication for a table, you're telling Xano that you want to use it as an authentication source for your application.

Step 2: Explore the Authentication API Endpoints

Xano automatically generates API endpoints for handling authentication-related operations. These endpoints are associated with the database table you enabled for authentication. To access them:

1. Navigate to the API section in the Xano interface.
2. Look for the "auth" group, which contains three endpoints: "auth me," "auth sign up," and "auth login."

Let's explore each of these endpoints:

auth me

This endpoint retrieves the user record associated with the provided authentication token. It's marked with a lock icon, indicating that authentication is required to access it. By default, Xano uses JSON Web Encryption (JWE) tokens, a secure and standard way of handling authentication tokens on the web.

auth sign up

This endpoint allows new users to sign up for your application. It typically accepts inputs like email and password, which are then used to create a new user record in the authentication table.

auth login

This endpoint is responsible for authenticating existing users and retrieving their authentication tokens. It accepts inputs like email and password, and upon successful authentication, it generates and returns an authentication token.

Step 3: Understand the auth login Endpoint

To better understand the authentication process, let's dive into the "auth login" endpoint:

1. Open the "auth login" endpoint in the Xano interface.
2. You'll see the input fields (email and password) that users will provide during the login process.
3. Next, you'll find the function stack, which contains the logic for handling the authentication process.

Here's a breakdown of the function stack:

1. Get User Record: This function retrieves the user record based on the provided email input.
2. Precondition: This step ensures that the user record exists in the database.
3. Check Password: Xano compares the provided password input with the stored password in the user record.
4. Precondition: This step verifies that the password check passed successfully.
5. Create Authentication Token: If all the previous steps are successful, Xano generates an authentication token for the user. This token contains the user ID, the database table used for authentication, an expiration time (by default, 7 days or 86,400 seconds), and an optional "extras" payload for storing additional data.

After running the "auth login" endpoint with valid credentials, you'll receive the generated authentication token. This token can then be used to access authenticated API endpoints by providing it as input.

Step 4: Access Authenticated API Endpoints

With the authentication token in hand, you can now access API endpoints that require authentication. Here's how:

1. Navigate to the API endpoint you want to access (e.g., the "auth me" endpoint).
2. Click on the three-dot menu and select "Settings."
3. In the settings window, ensure that "User Authentication" is enabled for this endpoint.
4. When running the endpoint, provide the authentication token in the designated input field.

Xano will validate the provided token and, if valid, allow access to the requested endpoint, returning the associated user record or performing the desired operation.

Conclusion

Xano's flexible authentication system empowers you to build secure applications with ease. By following the steps outlined in this guide, you can enable authentication for your database tables, explore the auto-generated authentication API endpoints, understand the authentication process, and access authenticated endpoints using valid tokens.

Remember, Xano's documentation provides even more detailed information on authentication and other advanced topics. Don't hesitate to dive deeper and unlock the full potential of this powerful no-code platform.