Customer auth

AuthClient from @cstar.help/js/auth handles customer signup and login for end-user surfaces — your help center, an embedded portal, a logged-in chat experience. No API key; just teamSlug.

Setup

setup.js

import { AuthClient } from '@cstar.help/js/auth';

const auth = new AuthClient({
  teamSlug: 'acme'
});

signup.js

const result = await auth.signup({
  email: 'jane@example.com',
  password: 'SecurePass!123',
  name: 'Jane Doe'
});

// Two possible shapes — depends on the team's email-confirmation setting:
if ('accessToken' in result) {
  // Auto-confirmed: session is live
  console.log('Signed in as', result.customer.email);
} else {
  // Confirmation pending: prompt the user to check their inbox
  console.log('Check your email to confirm');
}

const { customer, accessToken, refreshToken } = await auth.login({
  email: 'jane@example.com',
  password: 'SecurePass!123'
});

// Tokens persist in localStorage by default — survive page reloads.

Session helpers

session.js

auth.isAuthenticated;        // boolean — true if a session exists
auth.accessToken;            // string | null — the JWT for outbound calls
auth.getCustomer();          // { id, email, name } | null
auth.getSession();           // Full session object with refresh token

Log out

logout.js

auth.logout();
// Clears tokens, revokes the session server-side, fires onSessionChange listeners.

Plug into a reactive UI

@cstar.help/react and @cstar.help/svelte wrap this client in framework-native primitives (hooks / rune classes) so you don't have to wire the auth state machine yourself.

Next up

Chat ChatClient — customer chat with HMAC identify. Public library Read articles without authentication. API reference The auth endpoints under the hood.