# Auth **Auth** module provides authentication and authorization for your application, including user management, group management, user registration, login, and related functions. It is installed automatically when the project is created. By default, the module's middleware is attached to every endpoint and grants access to any user group. Detailed access controls can be configured by adjusting the middleware settings in every endpoint. {% hint style="info" %} **Default User Login & Password** Login: \ Password: appmaster {% endhint %} ## Data models * User * User Session {% content-ref url="/pages/-MiF\_7i3hhAwOKMU1pyK" %} [Data Model User](/docs/data-design/auto-generation-of-data-models/list-of-generated-models/data-model-user.md) {% endcontent-ref %} {% content-ref url="/pages/iSl5azZa4zztZSqdWi5G" %} [Data Model User Session](/docs/data-design/auto-generation-of-data-models/list-of-generated-models/data-model-user-session.md) {% endcontent-ref %} ## Business processes * [Authentication](/docs/business-logic/block/business-process-blocks/authentication.md) * [Authorization](/docs/business-logic/block/business-process-blocks/authorization.md) * [Logout](/docs/business-logic/block/business-process-blocks/logout.md) * [Get Current User](/docs/business-logic/block/business-process-blocks/get-current-user.md) * [Registration](/docs/business-logic/block/business-process-blocks/registration.md) * [Add User to Group](/docs/business-logic/block/business-process-blocks/add-user-to-group.md) * [Remove User from Group](/docs/business-logic/block/business-process-blocks/remove-user-from-group.md) * [Chan](/docs/business-logic/block/business-process-blocks/change-password.md)[ge Password](/docs/business-logic/block/business-process-blocks/change-password.md) * [Restore Password](/docs/business-logic/block/business-process-blocks/restore-password.md) * [Generate Auth Token](/docs/business-logic/block/business-process-blocks/generate-auth-token.md) * [Hash Password](/docs/business-logic/block/business-process-blocks/hash-password.md) * [Probe Password](/docs/business-logic/block/business-process-blocks/probe-password.md) {% content-ref url="/pages/-MiF\_VRdhRkTz21sVAWk" %} [Group Auth](/docs/business-logic/block/business-process-blocks.md) {% endcontent-ref %} ## Endpoints * */logout/ - the current user exits the application.* * */auth/ - user authentication with login and password.* * */register/ - registration of a new user.* * */confirm/ - confirmation of registration of a new user.* * */user/change-password/ - change the user's password.* * */user/restore-password/ - reset the user's password.* * */user/profile/ - getting the profile of the current user.* ## Middleware * [Token Auth](https://docs.appmaster.io/v/russian/modules-and-integrations/spisok-modulei/authentication-modules/users-and-groups/middleware-token-auth) {% content-ref url="/pages/-MiF\_DFbbChi0n2Ykznr" %} [Middleware: Token Auth](/docs/endpoints/middleware/middleware-token-auth.md) {% endcontent-ref %} ## UI компоненты ### Web application * Login Form * Signup Form ### Mobile app * Sign In Screen * Sign Up Screen ## Settings | Setting | Default Value | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Signup | On | Allows users to independently create accounts (register) in your application. This setting is enabled by default. If you want to only manually register users, turn off this setting. | | Signup Groups | Users | List of user groups to which the user will be automatically added after registration. | | Session Timeout | 60 min. | How long the user's session will be active if they do not perform any actions in the application. After the timeout expires, the user will have to log in again. | | Signed-up User Active | On | State of new users after registration. By default, all users become active after registration. If you want to activate each account manually, turn off this setting. | | Failed login delay (in ms) | 0 | Setting of delay time for retry of failed login request to prevent bruteforce. By default, the delay is disabled (set to 0). | | Groups Tab | Admins, Users |

| | Defines what user groups your application will have. You can add new groups to configure user privileges granularly across the application.

Remove user groups with extreme caution because some business processes and components may be dependent on them.

| | | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://appmaster.gitbook.io/docs/modules/module/authentication/auth.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.