Authentication actions

Named auth server actions in packages/core (sign-in, session, password flows, operator impersonation).

Written By Zoro

Last updated 3 days ago

These are Next.js Server Actions used by the dashboard and related flows.

Names match actionName metadata in code. Source of truth: packages/core/src/actions/auth/index.ts, plus fetchAuthConfigAction in packages/core/src/actions/pages/auth/index.ts.

Not every auth action is listed in getActionAccess (RBAC map). Some paths are public or use separate guards. Use this page as a navigational index into the codebase.

Session and identity

`actionName`	Typical purpose
`signInAction`	Email or credential sign-in.
`signUpAction`	Registration.
`logoutAction`	End session.
`getUserAction`	Load current user for the client.
`getTenantAction`	Resolve tenant context for the workspace.
`autoLoginAction`	Automated login continuation flows where used.
`requestMagicLinkAction`	Send or validate magic-link style auth where enabled.

Password and verification

`actionName`	Typical purpose
`forgotPasswordAction`	Start password reset.
`resetPasswordAction`	Complete password reset with token.
`verifyEmailAction`	Email verification handling.

Configuration

`actionName`	Typical purpose
`fetchAuthConfigAction`	Load auth-related configuration for the client (from `pages/auth`).

Operator-only (dangerous)

`actionName`	Typical purpose
`impersonateUserAction`	Support or admin impersonation; must remain tightly controlled.

For team invites and workspace roles, see server actions under packages/core/src/actions/team/ and Roles and permissions under Security and Team Management in the sidebar.

Learn more

tRPC and backend reference for auth and authConfig routers on the tRPC side.
Security overview for the customer-facing security model.