Authentication

ShipOS authentication handles the complexity of secure user management, from signup flows to password resets, so you can focus on building your product's core features instead of reinventing security infrastructure.

Authentication in ShipOS supports multiple strategies including email/password, OAuth providers (Google, GitHub, Microsoft), and magic links. The system automatically handles password hashing, session management, and security best practices like rate limiting login attempts.

Setting up basic email/password authentication requires minimal configuration. The registration process automatically sends verification emails using ShipOS's built-in email service:

// User registration and login
const user = await shipos.auth.register({
  email: 'user@example.com',
  password: 'securePassword123'
});

const session = await shipos.auth.login({
  email: 'user@example.com', 
  password: 'securePassword123'
});

// User registration and login
const user = await shipos.auth.register({
  email: 'user@example.com',
  password: 'securePassword123'
});

const session = await shipos.auth.login({
  email: 'user@example.com', 
  password: 'securePassword123'
});

// User registration and login
const user = await shipos.auth.register({
  email: 'user@example.com',
  password: 'securePassword123'
});

const session = await shipos.auth.login({
  email: 'user@example.com', 
  password: 'securePassword123'
});

For enhanced security, enable two-factor authentication (2FA) in your project settings. ShipOS supports both TOTP and SMS verification. The system generates backup codes automatically and handles the entire 2FA flow including QR code generation for authenticator apps.

Session management is handled automatically with secure, HTTP-only cookies. Sessions expire after 30 days of inactivity by default, but this is configurable per project. The system supports concurrent sessions across devices and provides comprehensive session management tools.