dbAuth v0.36 Upgrade Guide and Breaking Changes

Redwood v0.36 adds two feature requests to dbAuth (see PR#3111):

  1. Ability to deny login to a user that would otherwise be able to log in (username and password match). A great example of this is a user that hasn’t verified their email address yet.
  2. Ability to skip auto-login after successful signup. Now you can return a message to the user instead, something like “Verify your email to finish signup”.

See the dbAuth Configuration docs for more info.

:warning: These are breaking changes. Follow the Upgrade Guide below.

1. New loginHandler()

By throwing an error with a message in the new loginHandler() option, you can deny them access and show a message:

2. signupHandler() Updates

If you return a user from this function then that user will be signed in.

If you return a string, they will NOT be logged in, and {message: "My text here"} will be returned when you call the signUp() function that you get from useAuth().

If you throw an error, {error: "Error message"} will be returned from signUp().

Upgrade Guide for Breaking Changes


This will require that users who have implemented dbAuth since the last release add a loginHandler() function in their api/src/functions/auth.js setup.

A new instance of DbAuthHandler is created and passed several options. loginHandler() needs to be added to that list:

  const authHandler = new DbAuthHandler(event, context, {
    db: db,
    authModelAccessor: 'user',
    authFields: {
      id: 'id',
      username: 'email',
      hashedPassword: 'hashedPassword',
      salt: 'salt',
    signupHandler: ({ username, hashedPassword, salt, userAttributes }) => {
      return db.user.create({
        data: {
          email: username,
          hashedPassword: hashedPassword,
          salt: salt,
          // name: userAttributes.name
    loginExpires: 60 * 60 * 24 * 365 * 10,

    // ********* ADD THIS FUNCTION ************
    loginHandler: (user) => {
      return user

No changes are necessary to signupHandler() as this is NEW functionality and existing functionality (returning a user or throw an error) is preserved.

Login/Signup Components

The response from signUp() is now an object with an error key if there was an error, or a message key if signupHandler() returns a string. Previously, error messages were returned with a message key only.

If a user is returned and logged in, an object is returned with an id key containing the id of the user.


Generated functions and components have updated comments explaining what to return in these functions in various circumstances. See this related Doc: Docs - Authentication : RedwoodJS Docs