Introduction
🎯 What does this module do?
The Users module lets you manage registered users.
The OneEntry platform provides the tools needed to work with registered users.
📖 Simple Explanation
Every application needs user management:
- 📝 User Profiles - Manage user information
- 💾 Custom User Data - Store application-specific data (state object)
- 🔍 User Lookup - Search and filter users
✨ Key Concepts
What is a User?
A User is a registered account in your application:
- Basic Info - Name, email, phone
- Authentication - Secure password storage
- State Object - Custom application data
- Timestamps - Registration date, last login
- Status - Active, inactive, blocked
- Permissions - User roles and access levels
User Structure
Each user has this structure:
```javascript
{
  id: 8,                            // User ID
  identifier: 'test@test.ru',       // User identifier (email/login)
  authProviderIdentifier: 'email',  // Auth provider type
  formIdentifier: 'reg',            // Registration form identifier
  formData: [                       // User profile data
    { marker: 'name_reg', type: 'string', value: 'Ivan' },
    { marker: 'phone_reg', type: 'string', value: '+19258382556' },
  ],
  groups: [1],                      // User groups for permissions
  state: {},                        // Custom application data
  moduleFormConfigs: [],            // Additional form configurations
  total: "1"                        // Total count (for pagination)
}
```
Key Fields:
- id - Unique user identifier
- identifier - User's login (email, phone, username)
- authProviderIdentifier - Authentication method used (email, phone, etc.)
- formData - Array of form fields with user's profile information
- groups - Array of group IDs for access control
- state - Custom JSON object for application-specific data
Get user with custom state data
Benefits:
- 🔒 Secure - Password hashing, secure authentication
- 📋 Validated - Email and data validation
- 🔄 Authenticated - Token-based sessions
- 💾 Persistent - Data stored in database
User State Object
You can store the data your application needs in the state object. When you update a user, add that data to the state; when the user's data is fetched later, it will include the state object.
For example, to record how many orders a user has made, add an "orderCount" field with the value to the state object.
The state object is custom data storage per user:
| Use Case | State Example | Description |
|---|---|---|
| E-commerce | { orderCount: 5, totalSpent: 499.99 } | Track purchase history |
| Content Site | { articlesRead: 25, bookmarks: [1,2,3] } | Track content consumption |
| Social App | { postsCount: 42, followers: 150 } | Track social metrics |
| Gaming | { level: 15, score: 9500, achievements: [...] } | Track game progress |
| SaaS | { plan: 'premium', usage: 75 } | Track subscription data |
User Workflow
1. User fills registration form
(Email, password, name)
↓
2. createUser() called
(OneEntry validates and hashes password)
↓
3. User account created
(Stored in database)
↓
4. User logs in
(authenticateUser() verifies credentials)
↓
5. Authentication token returned
(Used for subsequent requests)
↓
6. Application updates user state
(Custom data like orderCount)
↓
7. User data fetched as needed
(getUserById() with current state)
Why Use Users Module?
| Benefit | Description |
|---|---|
| Secure Authentication | Password hashing, token management |
| User Management | Read, update, delete users |
| Custom Data Storage | State object for app-specific data |
| Email Validation | Automatic email format checking |
| Duplicate Prevention | Prevents duplicate email registration |
| Session Management | Token-based authentication |
📋 What You Need to Know
Authorization Provider
Users in OneEntry are managed through an authorization provider system that handles registration and authentication mechanisms.
Key points:
- Users register through forms configured in the OneEntry admin panel
- Each user is associated with an authentication provider (email, phone, etc.)
- User data is stored in form fields defined by formData
- Additional metadata is stored in the state object
User State Object is Flexible
The state object can store any custom JSON data
Best practices:
- Store application-specific data only
- Keep state object organized with nested objects
- Update entire state object (spread existing data)
- Don't store sensitive data in state
Password Security
OneEntry handles password security automatically
Your responsibility:
- Enforce password requirements (length, complexity)
- Validate password on client-side before sending
- Never log passwords
- Use HTTPS for all authentication requests
Authentication Token Management
Store and use authentication tokens securely
Token best practices:
- Store in HTTP-only cookies when possible
- Use short expiration times (1-2 hours)
- Implement refresh tokens for long sessions
- Clear token on logout
- Never expose tokens in URLs
User Registration Validation
Always validate user input before registration
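A client-side pre-check for the policy this page lists under Best Practices (email format; password of at least 8 characters with mixed case and numbers), as an added example that is not OneEntry SDK code. The function name, the name and phone limits, and the returned shape are assumptions; the markers name_reg and phone_reg come from the user structure shown above.

```javascript
// Added example: validateRegistration and its return shape are assumptions,
// not part of the OneEntry SDK.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const E164_RE = /^\+[1-9]\d{6,14}$/; // international phone format

function validateRegistration({ email, password, name, phone }) {
  const errors = [];

  const identifier = String(email || '').trim();
  if (identifier.length > 254 || !EMAIL_RE.test(identifier)) {
    errors.push('email: invalid format');
  }

  // Error messages describe the rule only; the password value is never echoed.
  const pw = String(password || '');
  if (pw.length < 8) errors.push('password: at least 8 characters');
  if (!/[a-z]/.test(pw) || !/[A-Z]/.test(pw)) {
    errors.push('password: mixed case required');
  }
  if (!/[0-9]/.test(pw)) errors.push('password: at least one number');

  const cleanName = String(name || '').trim();
  if (cleanName.length === 0 || cleanName.length > 100) {
    errors.push('name: 1-100 characters');
  }
  const cleanPhone = String(phone || '').replace(/[\s()-]/g, '');
  if (!E164_RE.test(cleanPhone)) errors.push('phone: use international format');

  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    errors,
    identifier,
    formData: [
      { marker: 'name_reg', type: 'string', value: cleanName },
      { marker: 'phone_reg', type: 'string', value: cleanPhone },
    ],
  };
}

// Constructed sample input.
const sampleResult = validateRegistration({
  email: 'test@test.ru',
  password: 'Str0ngPassw',
  name: ' Ivan ',
  phone: '+1 (925) 838-2556',
});
console.log(sampleResult);
```

The same rules still have to be enforced wherever the registration request is processed; a client-side check only saves the user a round trip.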
Updating User State Safely
Always preserve existing state when updating:
```javascript
// `user` is a user object fetched earlier (for example with getUser())

// ❌ Bad - Overwrites entire state
const overwrittenState = {
  orderCount: 1
}

// ✅ Good - Preserve existing state
const userstate = {
  ...user.state, // Spread existing state
  orderCount: (user.state?.orderCount || 0) + 1 // Update specific field
}
```
Duplicate Email Prevention
OneEntry prevents duplicate email registration automatically
Best practice: Check error status and show user-friendly message.
User Pagination
For large user bases, always paginate when fetching multiple users
💡 Important Notes
Authorization Required
Most user methods require authorization through the AuthProvider module. Make sure to authenticate the user first before calling user management methods.
User Form Data
User data is structured according to forms configured in the OneEntry admin panel:
- Each user has a formIdentifier that references the registration form used
- User data is stored in the formData array with markers, types, and values
- Supported field types include: string, integer, float, date, dateTime, time, text, textWithHeader, image, groupOfImages, file, radioButton, list, entity, timeInterval
State Object Guidelines
Best practices for state object:
- Store application-specific data only
- Keep state organized with nested objects
- Update entire state (spread existing data)
- Don't store sensitive data (passwords, tokens)
- Don't store large binary data
- Use consistent naming conventions
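One way to enforce the rules from "Updating User State Safely" and the guidelines above before a state update is sent, as an added example that is not OneEntry SDK code. The helper names, the key deny-list and the size cap are assumptions. It goes beyond the single-level spread shown earlier by merging nested objects as well.

```javascript
// Added example: helper names, deny-list and size limit are assumptions,
// not part of the OneEntry SDK.
const SENSITIVE_KEY = /pass(word|wd)?|token|secret|card|cvv/i;
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_STATE_CHARS = 16 * 1024; // assumed cap on the serialized state

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Merge `patch` over `existing` without mutating either. Nested objects are
// merged key by key, so fields the caller did not mention are preserved.
function mergeState(existing, patch, path = 'state') {
  const out = { ...(isPlainObject(existing) ? existing : {}) };
  for (const [key, value] of Object.entries(patch)) {
    const where = `${path}.${key}`;
    if (UNSAFE_KEYS.has(key)) throw new Error(`unsafe key: ${where}`);
    if (SENSITIVE_KEY.test(key)) {
      throw new Error(`sensitive field not allowed in state: ${where}`);
    }
    out[key] = isPlainObject(value)
      ? mergeState(out[key], value, where)
      : value;
  }
  return out;
}

// Build the state to send with the next user update.
function buildStateUpdate(user, patch) {
  const next = mergeState(user.state, patch);
  const size = JSON.stringify(next).length;
  if (size > MAX_STATE_CHARS) {
    throw new Error(`state too large: ${size} characters`);
  }
  return next;
}

// Constructed sample user, shaped like the user structure on this page.
const sampleUser = {
  id: 8,
  identifier: 'test@test.ru',
  state: { orderCount: 2, prefs: { theme: 'dark', lang: 'en' } },
};

const nextState = buildStateUpdate(sampleUser, {
  orderCount: (sampleUser.state.orderCount || 0) + 1,
  prefs: { lang: 'de' },
});
console.log(nextState);
```

The deny-list matches on key names only, so it catches accidental writes such as an auth token dropped into state; it does not inspect values.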
Push Notifications
Use addFCMToken() and deleteFCMToken() to manage Firebase Cloud Messaging tokens for sending push notifications to users.
Notification Data
When updating users, you can provide notificationData object containing:
- email - Email address for notifications
- phonePush - Array of phone numbers for push notifications
- phoneSMS - Phone number for SMS notifications
📊 Quick Reference Table
| Method | Description | Use Case |
|---|---|---|
| getUser() | Get authorized user data | Fetch current user profile |
| updateUser() | Update user information | Profile updates, state changes |
| archiveUser() | Archive user account | Soft delete user account |
| deleteUser() | Permanently delete user | Hard delete user account |
| addFCMToken() | Add FCM token for push notifications | Enable push notifications |
| deleteFCMToken() | Remove FCM token | Disable push notifications |
❓ Common Questions (FAQ)
What is the user state object and how should I use it?
The state object is a flexible JSON storage for application-specific user data. Use it to track custom metrics like order counts, preferences, or progress. Always spread existing state when updating to avoid overwriting other data.
How do I update user profile information?
Use updateUser() to modify user profile data. You can update form data fields, notification settings, and the state object. Remember to authenticate the user first using the AuthProvider module.
What's the difference between archiveUser() and deleteUser()?
archiveUser() is a soft delete that hides the user but preserves data (can be restored). deleteUser() permanently removes the user and all associated data (cannot be undone). Use archiving unless you need complete data removal.
How do I handle push notifications for users?
Use addFCMToken() to register a Firebase Cloud Messaging token for the user. This enables sending push notifications to their devices. Use deleteFCMToken() when they log out or disable notifications.
Can I store sensitive data in the user state object?
No! Never store passwords, tokens, credit card numbers, or other sensitive data in the state object. It's not encrypted specifically for sensitive data. Use secure, purpose-built systems for sensitive information.
How do I fetch user data after registration?
After successful registration and authentication, use getUser() to fetch the authenticated user's data, including their profile information and custom state object.
🎓 Best Practices
- Validate input before registration - Check email format, password strength
- Use HTTPS for authentication - Encrypt all login requests
- Implement password requirements - Minimum 8 characters, mixed case, numbers
- Store tokens securely - HTTP-only cookies or secure storage
- Preserve existing state - Spread existing data when updating state
- Handle duplicate emails - Catch 409 errors and show user-friendly message
- Implement logout - Clear tokens and session data
- Cache user data - Reduce API calls for frequently accessed users
More information about user management in the OneEntry admin panel: https://doc.oneentry.cloud/docs/category/users
Definition of the Users module
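```javascript
import { defineOneEntry } from 'oneentry';

// Replace the placeholders with your project URL and app token
const { Users } = defineOneEntry("your-project-url", {
  "token": "your-app-token"
});
```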
🔗 Related Documentation
- AuthProvider Module - Required for user authentication
- OneEntry Admin Panel - Users - Official admin panel documentation
- Authentication Best Practices
- Password Security
- Orders Module - Orders reference users for order history
- Payments Module - Payments reference users for payment history