Authentication
NaijaBase Auth handles user signup, login, and session management for your app. All users are stored in your project's database in Lagos, Nigeria.
Email & Password
import { createClient } from '@naijabase/js'
const naijabase = createClient(PROJECT_URL, ANON_KEY)
// Sign up a new user
const { user: newUser, error: signUpError } = await naijabase.auth.signUp({
  email: 'user@example.com',
  password: 'securepassword',
})
// Sign in
const { user: signedInUser, session, error: signInError } = await naijabase.auth.signIn({
  email: 'user@example.com',
  password: 'securepassword',
})
// Sign out
await naijabase.auth.signOut()
// Get the currently logged-in user
const user = naijabase.auth.user()
Get the current user in your backend
Pass the user's JWT to your Express/Node.js server and verify it:
// In your Express route
const token = req.headers.authorization?.split(' ')[1]
const { user, error } = await naijabase.auth.getUser(token)
if (error || !user) {
  return res.status(401).json({ error: 'Unauthorized' })
}
// user.id is now available for RLS queries
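A stricter form of the route check above, written as reusable Express middleware. This is an added example, not NaijaBase's own code: `extractBearer` and `requireUser` are hypothetical names, and it assumes `auth.getUser(token)` resolves to `{ user, error }` as shown above.

```javascript
// Added example, not NaijaBase's own code. extractBearer and requireUser are
// hypothetical names; auth.getUser(token) is the call shown on this page.

// Return the JWT from an "Authorization: Bearer <jwt>" header, or null.
// Only the Bearer scheme and a three-part base64url token are accepted, so
// other schemes and malformed values are rejected before any auth call.
function extractBearer(header) {
  if (typeof header !== 'string') return null
  const match = /^Bearer +([\w-]+\.[\w-]+\.[\w-]+)$/i.exec(header.trim())
  return match ? match[1] : null
}

// Build Express middleware around an auth client exposing getUser(token).
function requireUser(authClient) {
  return async function (req, res, next) {
    const token = extractBearer(req.headers.authorization)
    if (!token) {
      return res.status(401).json({ error: 'Unauthorized' })
    }
    try {
      const { user, error } = await authClient.getUser(token)
      if (error || !user) {
        return res.status(401).json({ error: 'Unauthorized' })
      }
      req.user = user // verified identity; never trust a user id from the request body
      return next()
    } catch (err) {
      // Fail closed: if verification itself throws, the request is not let through.
      return res.status(401).json({ error: 'Unauthorized' })
    }
  }
}

// Usage (assumes an Express app and the client created earlier):
//   app.use('/api', requireUser(naijabase.auth))
```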
Password security
- Passwords are hashed with bcrypt before storage
- Plain-text passwords are never stored or logged
- Minimum password requirements are enforced at the API level
Session management
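Sessions are stored as JWTs in localStorage. The SDK automatically attaches the session token to all API requests. Because any script running on your page's origin can read localStorage, a cross-site scripting (XSS) flaw in your app exposes the session token.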
To check session status:
const user = naijabase.auth.user()
if (!user) {
  // redirect to login
}
Use with Row Level Security
Combine Auth with RLS policies to let the database enforce that users can only access their own data:
-- Users can only read their own data
CREATE POLICY "own data only"
  ON user_records
  FOR SELECT
  USING (user_id = auth.uid());
The auth.uid() function returns the ID of the currently authenticated user from the JWT.
User Management
All users who sign up through your app appear in your NaijaBase project under the Auth tab on the dashboard. You can view, disable, or delete users from there.