Fork me on GitHub

The Flow

This plugin relies on how you implement some of required logic. You need to make a service / interface accessible under actionhero api object, do the necessary things there and call a callback function / return a promise. Below is how we illustrate this flow.

Required Implementation

Anywhere in one of your initializers, implement these following methods. There is an example of these implementations using in-memory persistance.

api.AuthImpl.signUp(userData, uuid, callback)

Called when a new user signs up to your app. You can save the userData and uuid to your database here. The userData already contains hashed password the user submitted earlier.


// User and Token is a model of some database.
api.AuthImpl.signUp = function(userData, uuid, callback) {;{uuid: uuid});
  var data = {
    user: userData,
    uuid: uuid,
    options: {
      locals: {
        firstName: userData.firstName,
        lastName: userData.lastName

  // No error here, so the first argument of callback is null.
  callback(null, data);

api.AuthImpl.findUser(login, callback)

Called when a user signs in. You can do a database query to find the user here.


// User is a model for some database.
api.AuthImpl.findUser = function(login, callback) {
  User.find({username: login}, function(err, user) {
    if(err) {
    if(!user) {
      callback(new Error('No user is found'));
    callback(null, user);

api.AuthImpl.jwtPayload(user, callback)

Compose the user’s payload. Include any substantial user’s data you want to be available later in restricted actions.


api.AuthImpl.jwtPayload = function(user, callback) {
  // Exclude the user's password from soon to be signed jwt payload.
  delete user.password;
  callback(null, {payload: user});