The PocketBase API uses JWT tokens for authentication via the Authorization HTTP header.

Currently there are 2 supported schemes:

  • Admin - for admin authentication, e.g. Authorization: Admin [TOKEN]
  • User - for user authentication, e.g. Authorization: User [TOKEN]

Admin JWT tokens can be generated by the admin auth API (email/pass).

User JWT tokens can be generated by the user auth APIs (email/pass or OAuth2).

The easiest way to authenticate a user or admin is with the SDKs:

    import PocketBase from 'pocketbase';

    const client = new PocketBase('http://127.0.0.1:8090');

    ...

    // admin authentication via email/pass
    const adminAuthData = await client.admins.authViaEmail('test@example.com', '123456');

    // user authentication via email/pass
    const userAuthData1 = await client.users.authViaEmail('test@example.com', '123456');

    // user authentication via OAuth2
    const userAuthData2 = await client.users.authViaOAuth2('google', 'CODE', 'VERIFIER', 'REDIRECT_URL');

    // "logout" the last authenticated account
    client.authStore.clear();

    import 'package:pocketbase/pocketbase.dart';

    final client = PocketBase('http://127.0.0.1:8090');

    ...

    // admin authentication via email/pass
    final adminAuthData = await client.admins.authViaEmail('test@example.com', '123456');

    // user authentication via email/pass
    final userAuthData1 = await client.users.authViaEmail('test@example.com', '123456');

    // user authentication via OAuth2
    final userAuthData2 = await client.users.authViaOAuth2('google', 'CODE', 'VERIFIER', 'REDIRECT_URL');

    // "logout" the last authenticated account
    client.authStore.clear();

Once authenticated, the SDK clients automatically add the Authorization header to all subsequent requests.
The SDK clients store only the last authenticated account.
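
For code that talks to the API without the SDK, the two header schemes above can be built and checked by hand. The following is an added example, not code from the PocketBase docs or SDK: all function names are hypothetical, the sample tokens are constructed and unsigned, and it assumes the tokens carry the standard JWT `exp` claim and that the scheme names are matched exactly as written above.

```javascript
// Scheme names come from the page; everything else here is hypothetical.
const SCHEMES = ['Admin', 'User'];

// Build a constructed, UNSIGNED sample token (header.payload.signature shape only).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function sampleToken(claims) {
  return `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}.constructed-signature`;
}

// Split "Admin <token>" / "User <token>" and reject anything else (e.g. "Bearer").
function parseAuthHeader(value) {
  const m = /^(\S+) (\S+)$/.exec(value || '');
  if (!m || !SCHEMES.includes(m[1])) return null;
  if (m[2].split('.').length !== 3) return null; // not JWT-shaped
  return { scheme: m[1], token: m[2] };
}

// Read the payload WITHOUT verifying the signature: a client-side hint only,
// the server remains the one that validates the token.
function readClaims(token) {
  const part = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  try {
    return JSON.parse(Buffer.from(part, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// True when the token has no usable "exp" claim or the claim is in the past.
function isExpired(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = readClaims(token);
  return !claims || typeof claims.exp !== 'number' || claims.exp <= nowSeconds;
}

// Build the header for a request, refusing malformed or expired tokens.
function authHeaderFor(scheme, token, nowSeconds) {
  const parsed = parseAuthHeader(`${scheme} ${token}`);
  if (!parsed || isExpired(token, nowSeconds)) return null;
  return { Authorization: `${parsed.scheme} ${parsed.token}` };
}
```

Returning `null` for an expired token lets the caller re-authenticate before sending a request that the server would reject anyway.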