Auth

Email and password login

Classic authentication done right - secure signup, login, verification, and password recovery with Nuvix's built-in protections.

The authentication method everyone knows. Nuvix handles the security heavy lifting with Argon2 password hashing, built-in validation, and optional features to help users pick better passwords.

Create an account

Standard signup with email and password:

import { Client, ID } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

try {
    const user = await nx.account.create({
        userId: ID.unique(),
        email: 'user@example.com',
        password: 'secure-password'
    });
    console.log('Account created:', user);
} catch (error) {
    console.error('Signup failed:', error);
}

Security built-in:

  • Passwords hashed with Argon2 (industry standard)
  • Automatic validation for email format
  • Optional password strength requirements

Login

After creating an account, users can sign in with their email and password:

import { Client } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

try {
    const session = await nx.account.createEmailPasswordSession(
        'user@example.com',
        'secure-password'
    );
    console.log('Login successful:', session);
} catch (error) {
    console.error('Login failed:', error);
}

Email verification

Verify user emails to ensure deliverability and prevent spam. Users can log in without verification, but you can restrict access to verified users only.

Send verification email

import { Client } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

try {
    await nx.account.createVerification('https://yourapp.com/verify');
    console.log('Verification email sent');
} catch (error) {
    console.error('Failed to send verification:', error);
}

Complete verification

Handle the verification callback in your app:

// On your verification page (e.g., https://yourapp.com/verify)
import { Client } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

// Get verification data from URL
const urlParams = new URLSearchParams(window.location.search);
const userId = urlParams.get('userId');
const secret = urlParams.get('secret');

try {
    await nx.account.updateVerification(userId, secret);
    console.log('Email verified successfully');
} catch (error) {
    console.error('Verification failed:', error);
}

Password recovery

Help users reset forgotten passwords securely:

Initiate password reset

import { Client } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

try {
    await nx.account.createRecovery(
        'user@example.com',
        'https://yourapp.com/reset-password'
    );
    console.log('Password reset email sent');
} catch (error) {
    console.error('Failed to send reset email:', error);
}

Complete password reset

Handle the password reset confirmation:

// On your reset password page
import { Client } from "nuvix";

const nx = new Client()
    .setEndpoint('https://api.nuvix.in/v1')
    .setProject('<PROJECT_ID>');

// Get reset data from URL
const urlParams = new URLSearchParams(window.location.search);
const userId = urlParams.get('userId');
const secret = urlParams.get('secret');
const newPassword = 'new-secure-password';

try {
    await nx.account.updateRecovery(userId, secret, newPassword);
    console.log('Password reset successful');
} catch (error) {
    console.error('Password reset failed:', error);
}

Advanced security features

Nuvix provides additional security features to protect your users:

Password policies

Enable advanced password requirements in your project settings:

  • Password dictionary: Prevent common passwords
  • Password history: Prevent password reuse
  • Personal info blocking: Block passwords containing user data
  • Minimum requirements: Set length and complexity rules

Session management

Control how sessions work:

// Delete current session
await nx.account.deleteSession('current');

// Delete all sessions
await nx.account.deleteSessions();

// List all sessions
const sessions = await nx.account.listSessions();

Account security

Monitor and manage account security:

// Update password
await nx.account.updatePassword('new-password', 'current-password');

// Update email
await nx.account.updateEmail('new-email@example.com', 'current-password');

// Get account info
const user = await nx.  account.get();

Best practices

Secure your forms

  • Use HTTPS for all authentication pages
  • Implement rate limiting on your login forms
  • Add CAPTCHA for repeated failed attempts

User experience

  • Provide clear error messages
  • Show password strength indicators
  • Offer social login alternatives

Error handling

Common authentication errors and solutions:

How is this guide?

Last update:

Multi-tenancy with Teams

Learn how to implement multi-tenancy in your applications using Nuvix Teams.

Magic URL login

One-click login sent to email - users click a link and they're authenticated, no passwords, no codes, just magic.

On this page

Create an account
Login
Email verification
Send verification email
Complete verification
Password recovery
Initiate password reset
Complete password reset
Advanced security features
Password policies
Session management
Account security
Best practices
Error handling