Documentation Index Fetch the complete documentation index at: https://docs.strikebet.app/llms.txt
Use this file to discover all available pages before exploring further.
Overview Strike Auth Service provides comprehensive user management capabilities, handling the complete user lifecycle from registration to deletion. The service manages user profiles, authentication credentials, and metadata while ensuring security and compliance.
User Lifecycle
Registration
Users register with email/phone and password, or through OAuth providers
Verification
Email or phone verification confirms user identity
Authentication
Users sign in to receive access tokens for API access
Profile Management
Users can update their profile information and preferences
Account Maintenance
Password changes, email updates, and security settings
Deactivation/Deletion
Account suspension or permanent deletion when needed
User Data Structure Core User Fields { "id" : "123e4567-e89b-12d3-a456-426614174000" , "aud" : "authenticated" , "role" : "authenticated" , "email" : "user@example.com" , "phone" : "+1234567890" , "email_confirmed_at" : "2023-01-01T00:00:00Z" , "phone_confirmed_at" : "2023-01-01T00:00:00Z" , "last_sign_in_at" : "2023-01-01T12:00:00Z" , "created_at" : "2023-01-01T00:00:00Z" , "updated_at" : "2023-01-01T12:00:00Z" }
User Roles and Permissions Default Roles Role Description Capabilities authenticatedStandard user Access to user endpoints adminAdministrator Full system access service_roleService account Server-to-server operations
Custom Roles You can define custom roles in the app_metadata:
{ "app_metadata" : { "roles" : [ "moderator" , "premium_user" ], "permissions" : [ "read:posts" , "write:comments" ] } }
Registration Methods Email/Password Registration Traditional registration with email verification:
const user = await authService . signup ({ email: 'user@example.com' , password: 'securepassword123' , data: { first_name: 'John' , last_name: 'Doe' } });
Phone/Password Registration Registration with SMS verification:
const user = await authService . signup ({ phone: '+1234567890' , password: 'securepassword123' , data: { first_name: 'John' , last_name: 'Doe' } });
OAuth Registration Registration through external providers:
// Redirect to OAuth provider window . location . href = '/authorize?provider=google&redirect_to=/dashboard' ;
Profile Management Users can update their profile information:
const updatedUser = await authService . updateUser ({ data: { first_name: 'Jane' , avatar_url: 'https://example.com/new-avatar.jpg' , preferences: { theme: 'light' , notifications: false } } });
Changing Email Email changes require verification:
// Request email change await authService . updateUser ({ email: 'newemail@example.com' }); // User receives confirmation email // After clicking link, email is updated
Changing Password Password changes require current password:
await authService . updateUser ({ password: 'newsecurepassword123' });
Admin User Management Creating Users (Admin) Administrators can create users with specific settings:
const newUser = await authService . admin . createUser ({ email: 'admin-created@example.com' , password: 'temporarypassword' , email_confirm: true , // Skip email verification user_metadata: { role: 'manager' , department: 'sales' }, app_metadata: { roles: [ 'manager' ], created_by: 'admin' } });
Updating Users (Admin) Admins can update any user’s information:
const updatedUser = await authService . admin . updateUser ( userId , { email_confirm: true , ban_duration: 'none' , // Unban user app_metadata: { roles: [ 'admin' ], last_admin_action: new Date (). toISOString () } });
User Invitations Send invitations to new users:
const invitation = await authService . admin . inviteUser ({ email: 'invited@example.com' , data: { invited_by: 'admin@example.com' , role: 'editor' }, redirect_to: 'https://yourapp.com/welcome' });
User States Account Status Users can be in various states:
Active : Normal user with full accessUnconfirmed : Registered but email/phone not verifiedBanned : Temporarily or permanently suspendedDeleted : Account marked for deletion
Confirmation Status Track verification status:
// Check if user needs verification if ( ! user . email_confirmed_at ) { // Show email verification prompt await authService . resend ({ type: 'signup' , email: user . email }); }
Security Features Password Security
Hashing : Passwords are hashed using bcryptComplexity : Configurable password requirementsHistory : Prevent password reuseExpiration : Optional password expiration policies
Account Protection
Rate Limiting : Prevent brute force attacksAccount Lockout : Temporary lockout after failed attemptsAudit Logging : Track all user actionsSession Management : Control active sessions
Data Privacy
GDPR Compliance : Support for data export and deletionData Minimization : Only collect necessary informationEncryption : Sensitive data encrypted at restAccess Controls : Role-based access to user data
Best Practices
Implement email/phone verification
Use strong password requirements
Collect minimal required information
Provide clear privacy policy
Allow users to control their data
Implement proper validation
Provide data export functionality
Support account deletion
Require admin authentication
Log all admin actions
Implement approval workflows
Use principle of least privilege
Regular security audits
Monitor for suspicious activity
Implement proper session management
Keep user data encrypted
Integration Examples React User Profile Component import { useState , useEffect } from 'react' ; import { useAuth } from './auth-context' ; function UserProfile () { const { user , updateUser } = useAuth (); const [ profile , setProfile ] = useState ( user ?. user_metadata || {}); const handleSave = async () => { try { await updateUser ({ data: profile }); alert ( 'Profile updated successfully!' ); } catch ( error ) { alert ( 'Failed to update profile' ); } }; return ( < div > < h2 > User Profile </ h2 > < input type = "text" placeholder = "First Name" value = { profile . first_name || '' } onChange = { ( e ) => setProfile ({ ... profile , first_name: e . target . value }) } /> < input type = "text" placeholder = "Last Name" value = { profile . last_name || '' } onChange = { ( e ) => setProfile ({ ... profile , last_name: e . target . value }) } /> < button onClick = { handleSave } > Save Profile </ button > </ div > ); }
Node.js Admin Dashboard const express = require ( 'express' ); const { createClient } = require ( '@supabase/supabase-js' ); const app = express (); const supabase = createClient ( url , serviceRoleKey ); // Get all users (admin only) app . get ( '/admin/users' , async ( req , res ) => { try { const { data : users , error } = await supabase . auth . admin . listUsers (); if ( error ) throw error ; res . json ( users ); } catch ( error ) { res . status ( 500 ). json ({ error: error . message }); } }); // Update user (admin only) app . put ( '/admin/users/:id' , async ( req , res ) => { try { const { data : user , error } = await supabase . auth . admin . updateUserById ( req . params . id , req . body ); if ( error ) throw error ; res . json ( user ); } catch ( error ) { res . status ( 500 ). json ({ error: error . message }); } });
Authentication Learn about authentication methods and token management
Security Understand security features and best practices
API Reference Detailed API documentation for user endpoints
Admin Operations Guide to administrative user management
