Skip to main content
The accounts-base package implements Meteor’s foundational user account system, providing the core infrastructure for authentication and user management.

Installation

Overview

The accounts-base package provides:
  • User authentication and session management
  • Login/logout functionality
  • User collection management (Meteor.users)
  • Hooks for login/logout events
  • Integration with DDP for client-server communication
  • Support for multiple login service packages
accounts-base is the foundation package that other authentication packages (like accounts-password, accounts-google, accounts-facebook) build upon.

Package Information

  • Version: 3.2.0
  • Summary: A user account system
  • Main exports: Accounts
  • Client module: client_main.js
  • Server module: server_main.js

Core API

Accounts Object

The global Accounts object provides all account-related functionality.

Configuration

sendVerificationEmail
boolean
Automatically send verification emails to new users
forbidClientAccountCreation
boolean
Prevent account creation from the client
loginExpirationInDays
number
Number of days until login tokens expire
passwordResetTokenExpirationInDays
number
Days until password reset tokens expire (default: 3)
ambiguousErrorMessages
boolean
Return generic error messages to prevent user enumeration

User Management

Meteor.users Collection

The Meteor.users collection stores all user accounts:

Client-Side Methods

Current User

These methods are reactive and will trigger re-runs when the login state changes.

Login State

Server-Side Methods

Login Handlers

Validation Hooks

Lifecycle Hooks

onLogin / onLogout

URL Generators (Server)

Dependencies

The accounts-base package uses:
  • ecmascript - ES2015+ support
  • ddp - Client-server communication
  • ddp-rate-limiter - Rate limiting for security
  • mongo - User collection storage
  • tracker - Reactive updates (client)
  • reactive-var - Reactive variables (client)
  • localstorage - Token persistence (client)
  • check - Input validation (server)
  • random - Token generation
  • callback-hook - Lifecycle hooks

accounts-password

Password-based authentication

accounts-oauth

OAuth integration base

accounts-ui

Drop-in login UI components

accounts-2fa

Two-factor authentication

Example: Custom User Fields

Security Best Practices

Never publish sensitive user data to the client. Use field selectors to limit published fields.

Source Code

The package source is available in the Meteor repository: