useAuth hook exposes all the actions you need.
Sign Up
CallsignUpWithEmailAndPassword with at minimum an email and password. Additional profile fields are optional.
Optional Profile Fields
You can pass additional profile data at registration time:If you supply both
avatar (URL) and avatarFile (file upload), the file
takes precedence and the URL is ignored.Sign In
Sign Out
signOut revokes the current session’s entire token family on the server and clears local auth state.
Change Password
Users who signed up with email/password can change their password while authenticated. The current password must be provided for verification.Password Reset
Users who forget their password can request a reset email. Sublay sends a link to the registered email address. The link expires after 1 hour.The API always responds with a success message regardless of whether the email
address is registered, to prevent user enumeration.
Auth State
Check whether the SDK has finished initializing and whether a user is currently signed in:Email Verification
After sign-up, you can prompt users to verify their email address. Sublay sends a short-lived token (5 minutes) via email. There are two delivery modes: a code the user types back into your app, or a link they click to verify automatically.Send a verification email
Verify with a code
When usingmode: "code", collect the token from the user and call useVerifyEmail:
user.isVerified is updated immediately in the local Redux store — no refetch needed.
Link mode
When usingmode: "link", the email contains a button the user clicks. The server verifies the token and either:
- Redirects to the
redirectUrlyou provided with?verified=trueappended, or - Renders a hosted success page if no
redirectUrlwas given.
user.isVerified field will be true the next time the user’s session is loaded (e.g. on next sign-in or token refresh). There is no SDK callback for link-mode verification since it happens outside the app’s JS context.
The verification token is valid for 5 minutes and can only be used once.
Calling
sendVerificationEmail while a previous token is still valid will
generate a new token — the old one remains valid until it expires or the new
one is used.
