User in a Selfbits Project

A Selfbits User represents the account of a user who signed up to an app that is powered by one of your Selfbits Projects. You can write multiple frontend applications that access the project's API but they share a single user database.

User Properties

A Selfbits User has a fixed set of properties that are available. The properties are:

  • _id (String): a unique user id that is generated on signup
  • picture (String): an url to the user's profile picture
  • displayName (String): arbitrary user name as a string
  • role (Role): the user's role referenced by role ID
  • emails (Array): an array of the user's email address objects:
    • email (String): Email address as a string
    • verified (Boolean): Boolean flag to show if this email address is verified
    • primary (Boolean): Boolean flag to indicate primary and secondary email addresses
  • providers (Array): Social authentication providers
    • id (String): The provider specific user identifier
    • displayName (String): The provider specific user display name
    • providerName (String): The provider name

User Signup

When a user signs up to one of your apps, a new account is created with a unique _id. All available information is persisted in the user's profile:

  • /auth/signup: email and password values are required. The given email is persisted as a primary but non-verified email address. picture and displayName are optional. The new user is assigned to the current default role.
  • /auth/signup/anonymous: If the developer activates anonymous signup, users can sign up without supplying an email address. An account is created with a generated email (<uid>@<project>-api.selfbits.io), a random password and the ANONYMOUS role.
  • /oauth/[provider]: If the social auth provider is successfully configured and activated by the developer, users can sign up with their social accounts. By granting the permission to fetch the user's profile, Selfbits can fetch the profile and the social provider (id, displayName and providerName) is added to the providers array. The user's social profile is fetched and the email (marked as primary and verified), picture and displayName are persisted if they are available.