Skip to main content

Passwords API

The accounts-password package provides secure password-based authentication. Source: packages/accounts-password/

Client Methods

Meteor.loginWithPassword()

Log the user in with a password. Locus: Client
selector
string | object
required
Either a string interpreted as a username or an email; or an object with a single key: email, username or id. Username or email match in a case insensitive manner.
password
string
required
The user’s password.
callback
function
Optional callback. Called with no arguments on success, or with a single Error argument on failure.

Accounts.changePassword()

Change the current user’s password. Must be logged in. Locus: Client
oldPassword
string
required
The user’s current password. This is not sent in plain text over the wire.
newPassword
string
required
A new password for the user. This is not sent in plain text over the wire.
callback
function
Optional callback. Called with no arguments on success, or with a single Error argument on failure.

Accounts.forgotPassword()

Request a forgot password email. Locus: Client
options
object
required
Must contain email field.
email
string
required
The email address to send a password reset link.

Accounts.resetPassword()

Reset the password for a user using a token received in email. Logs the user in afterwards if the user doesn’t have 2FA enabled. Locus: Client
token
string
required
The token retrieved from the reset password URL.
newPassword
string
required
A new password for the user. This is not sent in plain text over the wire.
callback
function
Optional callback. Called with no arguments on success, or with a single Error argument on failure.

Accounts.verifyEmail()

Marks the user’s email address as verified. Logs the user in afterwards if the user doesn’t have 2FA enabled. Locus: Client
token
string
required
The token retrieved from the verification URL.

Server Methods

Accounts.setPasswordAsync()

Forcibly change the password for a user. Locus: Server
userId
string
required
The id of the user to update.
newPassword
string
required
A new password for the user.
options
object
Optional options object.
logout
boolean
Logout all current connections with this userId (default: true)

Accounts.sendResetPasswordEmail()

Send an email with a link the user can use to reset their password. Locus: Server
userId
string
required
The id of the user to send email to.
email
string
Optional. Which address of the user’s to send the email to. This address must be in the user’s emails list. Defaults to the first email in the list.
extraTokenData
object
Optional additional data to be added into the token record.
extraParams
object
Optional additional params to be added to the reset url.
Returns: Promise<{email, user, token, url, options}>

Accounts.sendEnrollmentEmail()

Send an email with a link the user can use to set their initial password. Locus: Server
userId
string
required
The id of the user to send email to.
email
string
Optional. Which address of the user’s to send the email to.

Accounts.sendVerificationEmail()

Send an email with a link the user can use verify their email address. Locus: Server
userId
string
required
The id of the user to send email to.
email
string
Optional. Which address of the user’s to send the email to. This address must be in the user’s emails list. Defaults to the first unverified email in the list.

Email Management (Server)

Accounts.addEmailAsync()

Add an email address for a user. Locus: Server
userId
string
required
The ID of the user to update.
newEmail
string
required
A new email address for the user.
verified
boolean
Optional - whether the new email address should be marked as verified. Defaults to false.

Accounts.removeEmail()

Remove an email address for a user. Locus: Server
userId
string
required
The ID of the user to update.
email
string
required
The email address to remove.

Accounts.replaceEmailAsync()

Replace an email address for a user. Locus: Server
userId
string
required
The ID of the user to update.
oldEmail
string
required
The email address to replace.
newEmail
string
required
The new email address to use.
verified
boolean
Optional - whether the new email address should be marked as verified. Defaults to false.

Password Security Configuration

Configure password hashing algorithms and security parameters.

Complete Example: Password Reset Flow