Auth Actions

The auth family manages user accounts as part of a workflow — provisioning users, changing roles, and moderating accounts. These actions require app.auth to be configured and go through the same RBAC as the rest of the platform. Four operators.

Operator	Props	Description
`createUser`	`email`, `name`, `password?`, `role?`	Create a new user account (password auto-generated if omitted; role defaults to the configured `defaultRole`).
`assignRole`	`userId`, `role`	Assign a role (`admin`, `member`, `viewer`, or custom) to an existing user.
`banUser`	`userId`, `reason?`	Ban a user account; `reason` is stored for the audit trail.
`unbanUser`	`userId`	Lift a ban on a user account.

# Provision a teammate when an invite record is created
- name: provision
  type: auth
  operator: createUser
  props:
    email: '{{trigger.data.email}}'
    name: '{{trigger.data.name}}'
    role: member

# Promote on approval
- name: promote
  type: auth
  operator: assignRole
  props: { userId: '{{trigger.data.user_id}}', role: admin }

Auth actions need app.auth. They operate on the same user store and roles as end-user authentication. See Auth Overview and Roles & RBAC.

Auth Overview — authentication configuration.
Roles & RBAC — the roles assigned by assignRole.
Actions Overview — base props and the family map.

← PreviousRetry & Failure Next →Code Actions

Auth Actions

Related Pages