POST /api/auth/login

Log in to get a JWT token.

POST /api/auth/register

Register a new user.

GET /api/auth/user

Get the currently authenticated user.

POST /api/auth/change-password

Change the password for the current user.

Login

Authenticates a user and returns a JWT token along with user details.
  • Endpoint: /api/auth/login
  • Method: POST
  • Body:
    • username (string, required): The user’s username.
    • password (string, required): The user’s password.
  • Request Example:
    {
      "username": "admin",
      "password": "admin123"
    }
    
  • Success Response:
    {
      "success": true,
      "message": "Login successful",
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "user": {
        "username": "admin",
        "isAdmin": true,
        "permissions": { ... }
      }
    }
    

Register

Registers a new user and returns a JWT token.
  • Endpoint: /api/auth/register
  • Method: POST
  • Body:
    • username (string, required): The desired username.
    • password (string, required): The desired password (must be at least 6 characters).
    • isAdmin (boolean, optional): Whether the user should have admin privileges.
  • Request Example:
    {
      "username": "newuser",
      "password": "password123",
      "isAdmin": false
    }
    
  • Success Response:
    {
      "success": true,
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "user": {
        "username": "newuser",
        "isAdmin": false,
        "permissions": { ... }
      }
    }
    

Get Current User

Retrieves the profile of the currently authenticated user.
  • Endpoint: /api/auth/user
  • Method: GET
  • Authentication: Bearer Token required.
  • Success Response:
    {
      "success": true,
      "user": {
        "username": "admin",
        "isAdmin": true,
        "permissions": { ... }
      }
    }
    

Change Password

Allows the authenticated user to change their password.
  • Endpoint: /api/auth/change-password
  • Method: POST
  • Authentication: Bearer Token required.
  • Body:
    • currentPassword (string, required): The user’s current password.
    • newPassword (string, required): The desired new password (must be at least 6 characters).
  • Request Example:
    {
      "currentPassword": "oldpassword",
      "newPassword": "newpassword123"
    }
    
  • Success Response:
    {
      "success": true,
      "message": "Password updated successfully"
    }
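
An added example (not MCPHub's own code) of the login, current-user and change-password calls documented above, written as a small JavaScript client. BASE_URL, the function names and the injectable fetchImpl parameter are assumptions made for illustration.

```javascript
// Added example, not MCPHub's own code. BASE_URL, the function names and the
// fetchImpl parameter are assumptions made for illustration.
const BASE_URL = "http://localhost:3000"; // assumed address of the MCPHub instance

async function call(fetchImpl, method, path, { token, body } = {}) {
  const headers = { Accept: "application/json" };
  if (body !== undefined) headers["Content-Type"] = "application/json";
  // Protected endpoints take the JWT from login as a Bearer token.
  if (token) headers.Authorization = `Bearer ${token}`;
  const res = await fetchImpl(BASE_URL + path, {
    method,
    headers,
    body: body === undefined ? undefined : JSON.stringify(body),
  });
  const data = await res.json();
  // Documented success responses carry "success": true; treat anything else as failure.
  if (!res.ok || data.success !== true) {
    throw new Error(`${method} ${path} failed: ${data.message || res.status}`);
  }
  return data;
}

// POST /api/auth/login: returns the token and the user object from the response.
async function login(username, password, fetchImpl = globalThis.fetch) {
  const body = { username, password };
  const data = await call(fetchImpl, "POST", "/api/auth/login", { body });
  return { token: data.token, user: data.user };
}

// GET /api/auth/user: returns the profile of the token's owner.
async function getCurrentUser(token, fetchImpl = globalThis.fetch) {
  const data = await call(fetchImpl, "GET", "/api/auth/user", { token });
  return data.user;
}

// POST /api/auth/change-password: checks the documented 6-character minimum first.
async function changePassword(token, currentPassword, newPassword, fetchImpl = globalThis.fetch) {
  if (typeof newPassword !== "string" || newPassword.length < 6) {
    throw new Error("newPassword must be at least 6 characters");
  }
  const body = { currentPassword, newPassword };
  return call(fetchImpl, "POST", "/api/auth/change-password", { token, body });
}
```

Passing a stub as fetchImpl lets the client be exercised without a running server; omit it to use the runtime's built-in fetch.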
    

Social Login (Better Auth)

MCPHub integrates Better Auth to provide seamless social login capabilities (GitHub, Google, etc.).

Prerequisites:
  1. Database Mode: DB_URL environment variable must be configured (PostgreSQL is required for Better Auth persistence).
  2. Provider Configuration:
    • GitHub: Set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET.
    • Google: Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.

Endpoints:
The Better Auth API is mounted at /api/auth/better. Key endpoints include:
  • Initiate Login:
    • GET /api/auth/better/signIn/social?provider=github
    • GET /api/auth/better/signIn/social?provider=google
  • Session Management:
    • GET /api/auth/better/session (Get current session)
    • POST /api/auth/better/signOut (Sign out)
For a complete list of endpoints and usage details, refer to the Better Auth API Documentation.