Function Signature

With User Profile

function defineAuth<
  const Name extends string,
  const User extends TailorDBInstance,
  const AttributeMap extends UserAttributeMap<User>,
  const AttributeList extends UserAttributeListKey<User>[],
  const MachineUserNames extends string,
>(
  name: Name,
  config: UserProfileAuthInput<User, AttributeMap, AttributeList, MachineUserNames>
): DefinedAuth<Name, UserProfileAuthInput<...>, MachineUserNames>

Machine Users Only

function defineAuth<
  const Name extends string,
  const MachineUserAttributes extends MachineUserAttributeFields,
  const MachineUserNames extends string,
>(
  name: Name,
  config: MachineUserOnlyAuthInput<MachineUserNames, MachineUserAttributes>
): DefinedAuth<Name, MachineUserOnlyAuthInput<...>, MachineUserNames>

Defines an authentication service with either user profiles or machine users.

Parameters

  • name (string, required): Auth service name
  • config (AuthServiceInput, required): Auth service configuration object
      • userProfile (object): User profile configuration (mutually exclusive with machineUserAttributes)
          • namespace (string): TailorDB namespace where the user type is defined. Usually auto-resolved; required only when multiple TailorDBs exist and the type is in an external TailorDB
          • type (TailorDBInstance, required): TailorDB type representing the user
          • usernameField (UsernameFieldKey<User>, required): Field name to use as username. Must be a required, unique, non-array string field
          • attributes (UserAttributeMap<User>): Map of user attributes to expose. Keys are field names with true values
          • attributeList (UserAttributeListKey<User>[]): Array of UUID field names to expose as attribute lists
      • machineUserAttributes (MachineUserAttributeFields): Machine user attribute fields (mutually exclusive with userProfile). Record of field definitions
      • machineUsers (Record<string, MachineUser>): Machine user configurations, keyed by machine user name
          • [name].attributes (object): Attribute values for the machine user
          • [name].attributeList (string[]): Attribute list values for the machine user
      • oauth2Clients (Record<string, OAuth2Client>): OAuth2 client configurations, keyed by client name
          • [name].redirectURIs (string[], required): Allowed redirect URIs for OAuth2 flow
          • [name].description (string): Client description
          • [name].grantTypes (OAuth2ClientGrantType[]): Allowed OAuth2 grant types (e.g., "authorization_code", "refresh_token")
      • idProvider (IdProviderConfig): Identity provider configuration. Use the .provider() method from defineIdp
      • scim (SCIMConfig): SCIM configuration for user provisioning
      • tenantProvider (TenantProviderConfig): Tenant provider configuration
      • publishSessionEvents (boolean): Enable publishing session events (token issued, refreshed, revoked)

Returns

  • auth (DefinedAuth): Defined auth service with the following properties:
      • name (string): Auth service name
      • invoker (function): Method to create an auth invoker for machine users:
        invoker<M extends MachineUserNames>(machineUser: M): AuthInvoker<M>
        Returns an object with { namespace: string, machineUserName: M } compatible with tailor.v1.AuthInvoker
      • All other fields from the input config are preserved.

Example

With User Profile

import { defineAuth, defineIdp } from "@tailor-platform/sdk";
import { user } from "./tailordb/user";

const idp = defineIdp("my-idp", {
  authorization: "loggedIn",
  clients: ["default-idp-client"],
});

const auth = defineAuth("my-auth", {
  userProfile: {
    type: user,
    usernameField: "email",
    attributes: {
      role: true,
    },
  },
  machineUsers: {
    "manager-machine-user": {
      attributes: {
        role: "MANAGER",
      },
    },
  },
  oauth2Clients: {
    sample: {
      redirectURIs: ["https://example.com/callback"],
      description: "Sample OAuth2 client",
      grantTypes: ["authorization_code", "refresh_token"],
    },
  },
  idProvider: idp.provider("sample", "default-idp-client"),
});

Using Auth Invoker

// In an executor or workflow
const invoker = auth.invoker("manager-machine-user");
// invoker = { namespace: "my-auth", machineUserName: "manager-machine-user" }

Notes

  • You must provide either userProfile or machineUserAttributes, not both
  • The function validates this constraint at runtime and throws an error if both are provided
  • When using userProfile, the usernameField must reference a required, unique, non-array string field from the user type
  • The attributes map exposes specific user fields as auth attributes (supports string, boolean, and array types)
  • The attributeList array exposes UUID fields as attribute lists
  • Machine users are useful for service-to-service authentication
  • The .invoker() method provides a type-safe way to reference machine users in your code
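
The constraints documented above (userProfile and machineUserAttributes are mutually exclusive, each OAuth2 client carries a list of allowed redirect URIs) can be reviewed before a config is deployed. The following is an added example, not code from the SDK: lintAuthConfig, lintRedirectURI and the AuthConfigShape type are hypothetical names, and the https-only, explicit-grant-type and session-event rules are review policies assumed for the example, not SDK requirements.

```typescript
// Added example: a local review helper, not part of @tailor-platform/sdk.
// AuthConfigShape is a hypothetical minimal shape that reuses this page's field names.
type OAuth2ClientShape = { redirectURIs: string[]; description?: string; grantTypes?: string[] };
type AuthConfigShape = {
  userProfile?: object;
  machineUserAttributes?: object;
  oauth2Clients?: Record<string, OAuth2ClientShape>;
  publishSessionEvents?: boolean;
};

// Policy assumed by this example: exact https URIs only, plain http allowed for loopback.
// Custom-scheme URIs (native apps) are reported as "not https" and need a manual decision.
function lintRedirectURI(client: string, uri: string): string[] {
  if (uri.includes("*")) return [`${client}: wildcard in redirect URI: ${uri}`];
  if (uri.includes("#")) return [`${client}: fragment in redirect URI: ${uri}`];
  try {
    const { protocol, hostname } = new URL(uri);
    const loopback = ["localhost", "127.0.0.1", "[::1]"].includes(hostname);
    const ok = protocol === "https:" || (protocol === "http:" && loopback);
    return ok ? [] : [`${client}: redirect URI is not https: ${uri}`];
  } catch {
    return [`${client}: redirect URI is not an absolute URL: ${uri}`];
  }
}

function lintAuthConfig(config: AuthConfigShape): string[] {
  const findings: string[] = [];
  // Documented constraint: userProfile and machineUserAttributes are mutually exclusive.
  if (config.userProfile && config.machineUserAttributes) {
    findings.push("config: userProfile and machineUserAttributes are both set");
  }
  for (const [client, c] of Object.entries(config.oauth2Clients ?? {})) {
    for (const uri of c.redirectURIs) findings.push(...lintRedirectURI(client, uri));
    // Review policy (assumption): every client declares its grant types explicitly.
    if (!c.grantTypes || c.grantTypes.length === 0) {
      findings.push(`${client}: grantTypes not declared`);
    }
  }
  // Review policy (assumption): session events are published so token activity can be monitored.
  if (config.publishSessionEvents !== true) {
    findings.push("config: publishSessionEvents is not enabled");
  }
  return findings;
}
```

Pass the same object literal you give to defineAuth; an empty result means none of the assumed review rules fired.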
