> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ub.bitbros.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Auth

> Manage user accounts, sessions, and social authentication with the SDK auth module.

You can access auth methods via `client.auth`. When you call `login()` or `refreshToken()`, the module stores the `accessToken` and uses it for subsequent authenticated requests such as `me()` or `updateProfile()`.

## `signUp`

Create a new user account.

```typescript theme={null}
signUp(payload: SignUpPayload): Promise<AuthUser>
```

**Example**

```typescript theme={null}
const user = await client.auth.signUp({
  email: 'alice@example.com',
  password: 'secret123',
  username: 'alice_dev',
  name: 'Alice',
});
```

***

## `login`

Authenticate an existing user. The returned `accessToken` is stored internally.

```typescript theme={null}
login(payload: LoginPayload): Promise<AuthResponse>
```

**Returns** `AuthResponse`

```typescript theme={null}
interface AuthResponse {
  accessToken?: string;
  token?: string; // Alias for accessToken (deprecated)
  expiresIn?: string;
  userId?: string;
  user?: AuthUser;
}
```

**Example**

```typescript theme={null}
const { accessToken, user } = await client.auth.login({
  email: 'alice@example.com',
  password: 'secret123',
});
```

***

## `refreshToken`

Rotate the current access token.

* **Browser**: Call without arguments. It will automatically use the `refreshToken` stored in your HTTP-only cookies.
* **Mobile/Node**: Pass the `refreshToken` string manually.

```typescript theme={null}
refreshToken(refreshToken?: string): Promise<AuthResponse>
```

***

## `me`

Fetch the profile of the currently authenticated user.

```typescript theme={null}
me(token?: string): Promise<AuthUser>
```

***

## `updateProfile`

Update the authenticated user's profile fields.

```typescript theme={null}
updateProfile(payload: UpdateProfilePayload, token?: string): Promise<{ message: string }>
```

**Example**

```typescript theme={null}
await client.auth.updateProfile({ name: 'Alice Smith' });
```

***

## `changePassword`

Change the authenticated user's password.

```typescript theme={null}
changePassword(payload: ChangePasswordPayload, token?: string): Promise<{ message: string }>
```

***

## Social auth

urBackend supports OAuth via GitHub and Google.

### `socialStart`

You receive a URL to initiate the OAuth flow. Redirect your user's browser to this URL.

```typescript theme={null}
socialStart(provider: 'github' | 'google'): string
```

### `socialExchange`

Exchange the `rtCode` received at your callback URL for a refresh token.

```typescript theme={null}
socialExchange(payload: SocialExchangePayload): Promise<SocialExchangeResponse>
```

**Example**

```typescript theme={null}
// At your /auth/callback page
const urlParams = new URLSearchParams(window.location.search);
const rtCode = urlParams.get('rtCode');
const token = new URLSearchParams(window.location.hash.slice(1)).get('token');

if (!token || !rtCode) {
  throw new Error('Missing required OAuth callback parameters');
}

const { refreshToken } = await client.auth.socialExchange({ token, rtCode });
```

***

## Account verification

Use these methods to handle email OTP flows.

| Method                           | Description                                    |
| -------------------------------- | ---------------------------------------------- |
| `verifyEmail(payload)`           | Verify an account using the OTP sent to email. |
| `resendVerificationOtp(payload)` | Request a new verification OTP.                |
| `requestPasswordReset(payload)`  | Start the "forgot password" flow.              |
| `resetPassword(payload)`         | Complete password reset using an OTP.          |

***

## `publicProfile`

Fetch a public-safe profile for any user by their username. This does not return sensitive fields like email or provider IDs.

```typescript theme={null}
publicProfile(username: string): Promise<AuthUser>
```

***

## `logout`

Call this to revoke your current session on the server and clear the local token.

```typescript theme={null}
logout(token?: string): Promise<{ success: boolean; message: string }>
```

***

## Manual token management

If you need to manage tokens manually (for example, after social auth), you can use these helper methods:

* `getToken()`: Returns the current in-memory access token.
* `setToken(token)`: Manually set the access token for the client.
