@strapi/plugin-users-permissions

What is @strapi/plugin-users-permissions?

@strapi/plugin-users-permissions is a plugin for Strapi, an open-source headless CMS. This plugin provides a robust system for managing user authentication, roles, and permissions. It allows developers to easily implement user registration, login, and role-based access control in their Strapi applications.

What are @strapi/plugin-users-permissions's main functionalities?

User Registration

This feature allows new users to register by providing a username, email, and password. The code sample demonstrates how to make a POST request to the registration endpoint.

fetch('/auth/local/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    username: 'exampleUser',
    email: 'user@example.com',
    password: 'password123'
  })
})
.then(response => response.json())
.then(data => console.log(data));

User Login

This feature allows users to log in by providing their email (or username) and password. The code sample demonstrates how to make a POST request to the login endpoint.

fetch('/auth/local', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    identifier: 'user@example.com',
    password: 'password123'
  })
})
.then(response => response.json())
.then(data => console.log(data));

Role-Based Access Control

This feature allows administrators to define roles with specific permissions. The code sample demonstrates how to create a new role with permissions for creating and updating articles but not deleting them.

const role = {
  name: 'Editor',
  description: 'Can edit content',
  permissions: {
    'application::article.create': true,
    'application::article.update': true,
    'application::article.delete': false
  }
};

fetch('/users-permissions/roles', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_ADMIN_TOKEN'
  },
  body: JSON.stringify(role)
})
.then(response => response.json())
.then(data => console.log(data));

Other packages similar to @strapi/plugin-users-permissions

passport

Passport is a popular authentication middleware for Node.js. It provides a wide range of authentication strategies, including local, OAuth, and OpenID. Unlike @strapi/plugin-users-permissions, Passport is not tied to a specific CMS and can be used with any Node.js application.

jsonwebtoken

jsonwebtoken is a library for generating and verifying JSON Web Tokens (JWT). It is often used for implementing token-based authentication in web applications. While @strapi/plugin-users-permissions uses JWT under the hood, jsonwebtoken provides a lower-level API for working directly with tokens.

acl

acl is a Node.js module for managing user roles and permissions. It provides a flexible way to define access control lists (ACLs) for different resources. Unlike @strapi/plugin-users-permissions, acl is a more general-purpose library that can be integrated into any Node.js application.

README

Strapi plugin