Auth

Firebase Auth alternative — verify user tokens and manage users for your applications.


import { EspaceTech } from "@espace-tech/sdk";
const client = new EspaceTech({ apiToken: process.env.ESPACE_TECH_TOKEN! });

Verify Token

Verify a user’s authentication token from your Auth App. Use this in your backend middleware to protect API routes.


const result = await client.auth.verifyToken("auth-app-id", token);
 
if (result.valid) {
  console.log(result.user_id);  // "usr_abc123"
  console.log(result.email);    // "user@example.com"
  console.log(result.name);     // "John Doe"
  console.log(result.provider); // "google"
}

Returns:

Property	Type	Description
`valid`	`boolean`	Whether the token is valid
`user_id`	`string`	User’s unique ID
`email`	`string`	User’s email
`name`	`string`	User’s display name
`provider`	`string`	Auth provider (`email`, `google`, `github`)

Express.js Middleware


import express from "express";
import { EspaceTech } from "@espace-tech/sdk";
 
const client = new EspaceTech({ apiToken: process.env.ESPACE_TECH_TOKEN! });
const app = express();
 
app.use("/api", async (req, res, next) => {
  const token = req.headers.authorization?.replace("Bearer ", "");
  if (!token) return res.status(401).json({ error: "Unauthorized" });
 
  try {
    const user = await client.auth.verifyToken("auth-app-id", token);
    if (!user.valid) return res.status(401).json({ error: "Invalid token" });
    req.user = user;
    next();
  } catch {
    res.status(401).json({ error: "Auth failed" });
  }
});

Next.js Middleware


// middleware.ts
import { EspaceTech } from "@espace-tech/sdk";
 
const client = new EspaceTech({ apiToken: process.env.ESPACE_TECH_TOKEN! });
 
export async function middleware(req) {
  const token = req.cookies.get("auth_token")?.value;
  if (!token) return Response.redirect(new URL("/login", req.url));
 
  const user = await client.auth.verifyToken("auth-app-id", token);
  if (!user.valid) return Response.redirect(new URL("/login", req.url));
 
  return NextResponse.next();
}
 
export const config = { matcher: ["/dashboard/:path*"] };

List Users

List users registered in your Auth App with pagination and search.


const { users, total } = await client.auth.listUsers("auth-app-id", {
  page: 1,
  limit: 50,
  search: "john",
});
 
for (const user of users) {
  console.log(user.id, user.email, user.name, user.provider);
}

Options:

Name	Type	Default	Description
`page`	`number?`	`1`	Page number
`limit`	`number?`	`20`	Results per page
`search`	`string?`	—	Search by name or email

Disable / Enable User


// Disable (block login)
await client.auth.disableUser("auth-app-id", "user-id");
 
// Re-enable
await client.auth.enableUser("auth-app-id", "user-id");

Delete User


await client.auth.deleteUser("auth-app-id", "user-id");

This permanently deletes the user account. The user will need to re-register.

Auth App Management

Create Auth App


const app = await client.auth.createApp({
  name: "My App Auth",
  project_id: "project-id",
  providers: {
    email: true,
    google: true,
    github: true,
  },
});

Get Auth App


const app = await client.auth.getApp("auth-app-id");

Update Auth App


await client.auth.updateApp("auth-app-id", {
  name: "Updated Name",
  providers: { email: true, google: true, github: false },
});

Get Statistics


const stats = await client.auth.getStats("auth-app-id");
console.log(stats.total_users);   // 1542
console.log(stats.logins_today);  // 87

Rotate Keys

Rotate the Auth App’s signing keys. Existing tokens signed with the old key will become invalid.


await client.auth.rotateKeys("auth-app-id");

Rotating keys invalidates all existing user tokens. Users will need to log in again.

Delete Auth App


await client.auth.deleteApp("auth-app-id");