Skip to main content

User authentication

tip

Hydrogen 2.0 is out now. These archival Hydrogen 1.0 docs are provided only to assist developers during their upgrade process. Please migrate as soon as possible.

Hydrogen includes built-in support for managing user authentication, including account creation, login, password reset, and logout. This guide describes the routes, hooks, and components that you can use to implement an end-to-end user authentication experience.

User account routes

The Demo Store template contains the following user account-specific routes:

RouteDescription
/accountAn account settings page for the current logged in user. If the user isn't logged in when they access this page, then they're redirected to /account/login.
/account/loginA page for the user to enter their credentials and log in.
/account/logoutAn API route that expects a POST request to delete the current session.
/account/registerA form for the user to set up a new account. On success, the user is redirected to /account.
/account/recoverA form for the user to initiate a password reset. If the form is sent successfully, then an email is sent to the user with a link to reset their password. Clicking the link leads the user to the /account/reset/[id]/[resetToken] page.
/account/reset/[id]/[resetToken]A form for the user to enter a new password. The user submits the new password and resetToken to /account/reset. On success, the user is redirected to /account.
/account/resetAn API route to update the new password for the user.
/account/activate/[id]/[activationToken]A form to activate the new user. The user should only reach this form from a link in their email. The user submits the password and activationToken to /account/activate. On success, the user is redirected to /account.
/account/activateAn API route to activate the user account.
/addressAn API route for creating a new address.
/address/[addressId]An API route for updating and deleting an address.
/orders/[orderId]A page to view the details of an order. Requires the user to be authenticated.

Configuring user authentication

You can configure user authentication with the following tasks:

  • Retrieve a customer access token
  • Tell bots not to index a page

Next steps