Gately supports multiple authentication methods to fit your application’s needs.

Authentication Methods

Email & Password

Traditional email and password authentication with secure password hashing.

Social Login

One-click login with Google and GitHub OAuth providers.

Magic Links

Passwordless authentication via email links.

API Keys

Server-to-server authentication for backend integrations.

Email & Password

The most common authentication method. Users register with their email and a secure password.

Password Requirements

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number

// Sign up
const { user } = await gately.signup('user@example.com', 'SecurePass123!', {
  full_name: 'John Doe'
})

// Login
const { user, session } = await gately.login('user@example.com', 'SecurePass123!')
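
The requirements listed above can be checked in the signup form before calling gately.signup, so the user sees every unmet rule at once. This is an added example, not part of the Gately SDK: checkPasswordPolicy and the rule ids are hypothetical names, and matching letters and digits as ASCII is an assumption.

```javascript
// Added example: client-side pre-check mirroring the Password Requirements
// listed on this page. PASSWORD_RULES, the rule ids and checkPasswordPolicy
// are hypothetical names, not Gately SDK identifiers.
// Assumptions: letters and digits are matched as ASCII, and length is counted
// in Unicode code points; the page does not say how the service counts either.
const PASSWORD_RULES = [
  { id: 'min_length', message: 'Minimum 8 characters',
    test: (pw) => Array.from(pw).length >= 8 },
  { id: 'uppercase', message: 'At least one uppercase letter',
    test: (pw) => /[A-Z]/.test(pw) },
  { id: 'lowercase', message: 'At least one lowercase letter',
    test: (pw) => /[a-z]/.test(pw) },
  { id: 'number', message: 'At least one number',
    test: (pw) => /[0-9]/.test(pw) },
];

// Returns { ok, failed, messages }. `failed` lists the id of every unmet rule
// in the order the page lists them; `messages` holds the matching text.
function checkPasswordPolicy(password) {
  // Anything that is not a string (null, undefined, number) fails every rule.
  const unmet = typeof password === 'string'
    ? PASSWORD_RULES.filter((rule) => !rule.test(password))
    : PASSWORD_RULES;
  return {
    ok: unmet.length === 0,
    failed: unmet.map((rule) => rule.id),
    messages: unmet.map((rule) => rule.message),
  };
}

// Constructed sample inputs, including the password used in the page's example.
for (const pw of ['SecurePass123!', 'securepass', 'Ab1']) {
  const result = checkPasswordPolicy(pw);
  console.log(JSON.stringify(pw), result.ok ? 'ok' : result.messages.join('; '));
}
```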

Social Login

Enable users to sign in with their existing Google or GitHub accounts.

Google Login

await gately.loginWithGoogle({
  redirectTo: '/dashboard'
})

GitHub Login

await gately.loginWithGithub({
  redirectTo: '/dashboard'
})

Social login providers must be configured in your project settings before use.

Configuring OAuth Providers

  1. Go to Settings > Authentication in your dashboard
  2. Enable the desired provider (Google or GitHub)
  3. Add your OAuth credentials:
    • Google: Client ID and Client Secret from Google Cloud Console
    • GitHub: Client ID and Client Secret from GitHub Developer Settings

Magic Links

Passwordless authentication sends a secure link to the user’s email.

// Send magic link
await gately.sendMagicLink('user@example.com', {
  redirectTo: '/dashboard'
})

The user clicks the link in their email and is automatically logged in.

Session Management

Check Authentication Status

if (gately.isAuthenticated()) {
  const user = gately.getUser()
  const session = gately.getSession()
  
  console.log('User:', user.email)
  console.log('Session expires:', new Date(session.expires_at))
}

Listen for Auth Changes

gately.onAuthStateChange((user, session) => {
  if (user) {
    console.log('User logged in:', user.email)
  } else {
    console.log('User logged out')
  }
})

Refresh Session

Sessions are automatically refreshed before expiry. You can also manually refresh:

const session = await gately.fetchSession()

Logout

await gately.logout()

Password Reset

Request Reset

await gately.requestPasswordReset('user@example.com')
// User receives email with reset link

Confirm Reset

await gately.confirmPasswordReset(
  'user@example.com',
  'reset-token-from-email',
  'NewSecurePass123!'
)

Security Best Practices

  • Always serve your application over HTTPS to protect authentication tokens in transit.
  • Gately uses bcrypt with salt rounds for secure password hashing. Never store plain-text passwords.
  • Access tokens expire after 1 hour by default. Refresh tokens are valid for 7 days.
  • Authentication endpoints are rate-limited to prevent brute force attacks.