Authentication

User Authentication and Management

R2R provides a comprehensive set of user authentication and management features, allowing you to implement secure and feature-rich authentication systems in your applications.

User Registration

To register a new user:

register_response = client.register("user@example.com", "password123")

Response

response

dict

{
  'results': {
    'email': 'user@example.com',
    'id': 'bf417057-f104-4e75-8579-c74d26fcbed3',
    'hashed_password': '$2b$12$p6a9glpAQaq.4uzi4gXQru6PN7WBpky/xMeYK9LShEe4ygBf1L.pK',
    'is_superuser': False,
    'is_active': True,
    'is_verified': False,
    'verification_code_expiry': None,
    'name': None,
    'bio': None,
    'profile_picture': None,
    'created_at': '2024-07-16T22:53:47.524794Z',
    'updated_at': '2024-07-16T22:53:47.524794Z'
  }
}

Email Verification

If email verification is enabled, verify a user’s email:

verify_response = client.verify_email("verification_code_here")

Response

To log in and obtain access tokens:

login_response = client.login("user@example.com", "password123")

Response

response

dict

{
  'results': {
    'access_token': {
      'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
      'token_type': 'access'
    },
    'refresh_token': {
      'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
      'token_type': 'refresh'
    }
  }
}

Get Current User Info

Retrieve information about the currently authenticated user:

user_info = client.user()

Response

response

dict

{
  'results': {
    'email': 'user@example.com',
    'id': '76eea168-9f98-4672-af3b-2c26ec92d7f8',
    'hashed_password': 'null',
    'is_superuser': False,
    'is_active': True,
    'is_verified': True,
    'verification_code_expiry': None,
    'name': None,
    'bio': None,
    'profile_picture': None,
    'created_at': '2024-07-16T23:06:42.123303Z',
    'updated_at': '2024-07-16T23:22:48.256239Z'
  }
}

Refresh Access Token

Refresh an expired access token:

refresh_response = client.refresh_access_token()

Response

response

dict

{
  'results': {
    'access_token': {
      'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
      'token_type': 'access'
    },
    'refresh_token': {
      'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
      'token_type': 'refresh'
    }
  }
}

Change Password

Change the user’s password:

change_password_result = client.change_password("password123", "new_password")

Response

Request Password Reset

Request a password reset for a user:

reset_request_result = client.request_password_reset("user@example.com")

Response

Confirm Password Reset

Confirm a password reset using the reset token:

reset_confirm_result = client.confirm_password_reset("reset_token_here", "new_password")

Response

Update User Profile

Update the user’s profile information:

update_result = client.update_user(name="John Doe", bio="R2R enthusiast")

Response

response

dict

{
  'results': {
    'email': 'user@example.com',
    'id': '76eea168-9f98-4672-af3b-2c26ec92d7f8',
    'hashed_password': 'null',
    'is_superuser': False,
    'is_active': True,
    'is_verified': True,
    'verification_code_expiry': None,
    'name': 'John Doe',
    'bio': 'R2R enthusiast',
    'profile_picture': None,
    'created_at': '2024-07-16T23:06:42.123303Z',
    'updated_at': '2024-07-16T23:22:48.256239Z'
  }
}

Delete User Account

Delete the user’s account:

user_id = register_response["results"]["id"] # input unique id here
delete_result = client.delete_user(user_id, "password123")

Response

User Logout

Log out and invalidate the current access token:

logout_response = client.logout()

Response

Superuser Capabilities

Superusers have additional privileges, including access to system-wide operations and sensitive information. To use superuser capabilities, authenticate as a superuser or the default admin:

# Login as admin
login_result = client.login("admin@example.com", "admin_password")

# Access superuser features
users_overview = client.users_overview()
logs = client.logs()
analytics_result = client.analytics(
    {"all_latencies": "search_latency"},
    {"search_latencies": ["basic_statistics", "search_latency"]}
)

Superuser actions should be performed with caution and only by authorized personnel. Ensure proper security measures are in place when using superuser capabilities.

Security Considerations

When implementing user authentication, consider the following best practices:

Always use HTTPS in production to encrypt data in transit.
Implement rate limiting to protect against brute-force attacks.
Use secure password hashing (R2R uses bcrypt by default).
Consider implementing multi-factor authentication (MFA) for enhanced security.
Conduct regular security audits of your authentication system.

For more advanced use cases or custom implementations, refer to the R2R documentation or reach out to the community for support.

Getting Started

Setup

Deployment

Deep Dives

User Authentication and Management

User Registration

Email Verification

Get Current User Info

Refresh Access Token

Change Password

Request Password Reset

Confirm Password Reset

Update User Profile

Delete User Account

User Logout

Superuser Capabilities

Security Considerations

Getting Started

Setup

Deployment

Deep Dives

​User Authentication and Management

​User Registration

​Email Verification

​User Login

​Get Current User Info

​Refresh Access Token

​Change Password

​Request Password Reset

​Confirm Password Reset

​Update User Profile

​Delete User Account

​User Logout

​Superuser Capabilities

​Security Considerations

User Authentication and Management

User Registration

Email Verification

User Login

Get Current User Info

Refresh Access Token

Change Password

Request Password Reset

Confirm Password Reset

Update User Profile

Delete User Account

User Logout

Superuser Capabilities

Security Considerations