User Module
The user module (sso.user) manages the authenticated user’s profile, linked social accounts (identities), multi-factor authentication, and password management.
Profile Management
Method: sso.user.getProfile()
Signature:
getProfile(): Promise<UserProfile>
Description: Get the profile of the currently authenticated user. The response includes context from the JWT (org, service).
Response Fields:
| Field | Type | Description |
|---|---|---|
| id | string | User ID |
| email | string | User’s email address |
| email_verified | boolean | Whether email is verified |
| is_platform_owner | boolean | Whether user is a platform owner |
| created_at | string | ISO timestamp of account creation |
Example:
const profile = await sso.user.getProfile();
console.log(profile.email, profile.id);
Method: sso.user.updateProfile()
Signature:
updateProfile(payload: UpdateUserProfilePayload): Promise<UserProfile>
Description: Update the authenticated user’s profile information (currently only email).
Method: sso.user.getSubscription()
Signature:
getSubscription(): Promise<Subscription>
Description: Get the current user’s subscription details for the service in their JWT context.
Response Fields:
| Field | Type | Description |
|---|---|---|
| service | string | Service slug |
| plan | string | Plan name |
| status | string | Subscription status (‘active’, etc.) |
| features | string[] | List of enabled features for this plan |
| current_period_end | string | When the current subscription period ends |
Password Management
Method: sso.user.changePassword() | setPassword()
Manage user passwords. setPassword is specifically for OAuth users adding a password.
Identities Module
Managed via sso.user.identities.
Method: sso.user.identities.list() | startLink() | unlink()
Manage social account linking (GitHub, Google, Microsoft).
MFA Module
Managed via sso.user.mfa.
Method: sso.user.mfa.getStatus()
Signature:
mfa.getStatus(): Promise<MfaStatusResponse>
Response Fields:
| Field | Type | Description |
|---|---|---|
| enabled | boolean | Whether MFA is enabled |
| has_backup_codes | boolean | Whether user has unused backup codes |
Method: sso.user.mfa.setup()
Signature:
mfa.setup(): Promise<MfaSetupResponse>
Response Fields:
| Field | Type | Description |
|---|---|---|
| secret | string | Base32-encoded TOTP secret |
| qr_code_svg | string | SVG QR code for scanning |
| qr_code_uri | string | The otpauth:// URI for manual entry |
Method: sso.user.mfa.verify()
Signature:
mfa.verify(code: string): Promise<MfaVerifyResponse>
Response Fields:
| Field | Type | Description |
|---|---|---|
| enabled | boolean | Whether MFA is now enabled |
| backup_codes | string[] | List of 10 backup codes (only returned once) |
Method: sso.user.mfa.disable() | regenerateBackupCodes()
Manage existing MFA configuration.
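The enrollment flow formed by mfa.getStatus(), mfa.setup() and mfa.verify() above, as an added example that is not part of the SDK or its documentation. It assumes `sso` is an initialized client, that `askUserForCode` and `showBackupCodesOnce` are hypothetical UI callbacks, and that verify() either rejects or resolves with `enabled: false` when the code is wrong.

```javascript
// Added example. `sso` is an initialized SDK client; askUserForCode and
// showBackupCodesOnce are hypothetical callbacks supplied by the application UI.

// Check that the otpauth:// URI from mfa.setup() describes the same TOTP secret
// as the `secret` field, so the QR code and manual entry cannot disagree.
function checkSetup(setup) {
  let uri;
  try {
    uri = new URL(setup.qr_code_uri);
  } catch {
    return { ok: false, reason: 'qr_code_uri is not a URI' };
  }
  if (uri.protocol !== 'otpauth:' || uri.host !== 'totp') {
    return { ok: false, reason: 'qr_code_uri is not otpauth://totp' };
  }
  const norm = (s) => String(s || '').replace(/=+$/, '').toUpperCase();
  const secret = norm(setup.secret);
  if (!/^[A-Z2-7]+$/.test(secret) || norm(uri.searchParams.get('secret')) !== secret) {
    return { ok: false, reason: 'secret missing, not Base32, or mismatched' };
  }
  // Key URI format: `digits` is optional and defaults to 6.
  const digits = Number(uri.searchParams.get('digits') || 6);
  if (digits !== 6 && digits !== 8) return { ok: false, reason: 'unexpected digits value' };
  return { ok: true, digits };
}

async function enrollMfa(sso, askUserForCode, showBackupCodesOnce) {
  const status = await sso.user.mfa.getStatus();
  if (status.enabled) return { enrolled: false, reason: 'MFA is already enabled' };

  const setup = await sso.user.mfa.setup();
  const check = checkSetup(setup);
  if (!check.ok) return { enrolled: false, reason: check.reason };

  // The UI shows the QR code or URI; the secret is never logged or persisted here.
  const code = String(await askUserForCode(setup)).trim();
  if (!new RegExp(`^\\d{${check.digits}}$`).test(code)) {
    return { enrolled: false, reason: `code must be ${check.digits} digits` };
  }

  const result = await sso.user.mfa.verify(code);
  if (!result.enabled) return { enrolled: false, reason: 'code was not accepted' };

  // backup_codes are returned only once, so hand them to the UI now and keep no copy.
  await showBackupCodesOnce(result.backup_codes);
  return { enrolled: true, backupCodeCount: result.backup_codes.length };
}
```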
Devices Module
Managed via sso.user.devices.
Method: sso.user.devices.list() | get() | revoke() | revokeAll() | updateName() | trust()
Manage trusted devices and sessions.
Type Definitions
Refer to sso-sdk/src/types for complete interface definitions.