@accounts/password package provide a secure system for a password based login strategy.
This package will let you build your custom email (and or username) / password strategy.
To see how to integrate the package into your app you can check these examples:
Extend the user and validate custom fields
By default accounts-js only allow
password for the user. In order to add custom fields you need to pass the validateNewUser function when you instantiate the
You might want to allow multiple emails in your app, we allow this behavior by allowing you to link multiple emails to the user. Use the following functions instead of directly updating the database:
AccountsPassword.addEmail- Add an email address for a user.
AccountsPassword.removeEmail- Remove an email address for a user.
AccountsPassword.verifyEmail- Marks the user's email address as verified.
Email case sensitivity
Due to some databases limitations, we have to do some internal logic to ensure that emails and usernames are uniques.
⚠️ Never query your database directly when you want to query a user by username or email. Instead use the the
The password module come with two factor out of the box. You can customize it using the
Check all the options available here.
Custom password hashing
By default we use bcrypt to hash the password. If you want to change the hashing algorithm, you can do so using the
For example if you want to use argon2, you can use the following: