How Authentication Works

In this guide, we'll explore how authentication works within the Xano platform, and how you can set it up for your web and mobile applications with ease. Xano has a native authentication feature equipped with pre-built logic, making managing logins and signups simple and efficient.

Setting Up the User Table

The first step is to create a user table in your database. Here's how you can do it:

1. Go to your database and create a new table for users.2. Add two fields: an email field (set as a unique index) and a password field.3. Click the three dots in the top-right corner, go to settings, and enable authentication for this table.

Creating Authentication Endpoints

With the user table set up, you can now create authentication endpoints for signup and login.

Signup Endpoint

1. Go to your API, create a new API group, and add a new endpoint.2. Choose "Authentication" and select "Signup."3. Specify the unique field (email) and the password column from your user table.4. This endpoint will have two inputs: email and password.5. The first step checks if the email already exists in the database. If not, it adds a new record to the user table with the provided email and password, and creates an authentication token for the user.

Login Endpoint

1. Add a new API endpoint and choose "Authentication" and "Login" for your user table.2. This endpoint has similar inputs (email and password) to the signup endpoint.3. The first step checks if the user exists in the database and if the provided password is valid.4. If the credentials are valid, it creates an authentication token for the user.

Managing Authentication Tokens

When you run the signup or login endpoint, you'll receive a JWT token for the user. This token contains the user's ID and expiration date (by default, it expires in one day).

You can customize the token settings in the "Create Authentication Token" function:

• Set the database table for which you want to create tokens.- Add extra claims or data to the token (e.g., user role).- Set the expiration time for the token (in seconds) or leave it blank for a non-expiring token (not recommended for security reasons).- Provide the ID of the user for whom you want to create the token.

Accessing Authenticated Endpoints

With the auth token, you can make requests to authenticated API endpoints, such as the default "auth me" endpoint. This endpoint fetches the user record based on the ID provided in the token.

To test authenticated endpoints, you can use the "auth token" box in the Xano platform to generate a token on the fly for any user in your database.

Customizing Authentication Workflows

If you need to handle authentication outside of Xano, you can create custom authentication workflows using the platform's native functions (`jwt_encode`, `jwt_decode`, `jws_encode`, and `jws_decode`) under the Security section.

Additionally, you can generate tokens based on specific fields (e.g., email) by disabling the default authentication flows and creating your own logic.

That's it! With Xano's authentication feature, you can quickly set up user authentication for your applications without writing code. If you have any questions or need further assistance, feel free to reach out to the Xano community or consult the documentation.