Get the current auth user in the extension

[rokdd]

Maybe I am stupid or I found not the right piece of code.. I want to know in my extension of the API endpoint, which user I am authentificated with the token with.

In the documentation is a function mentioned await directus.users.me.read();

By reading I would imagine that I could do something like this:

let userservice=new services.UsersService({ schema: req.schema, accountability: req.accountability }) 
console.log(await userservice.me.read())

Also when using the ItemsService, I get an undefined error. I also could not found the functions in code. How is the recommended way to do that?

[azrikahar]

The documentation linked is specifically for the SDK, so it is correct that it's undefined and not within UsersService 👍

The accountability object itself should already contain the user ID in accountability.user:

directus/packages/shared/src/types/accountability.ts

Lines 8 to 19 in 5e81373

	export type Accountability = {
	role: string | null;
	user?: string | null;
	admin?: boolean;
	app?: boolean;
	permissions?: Permission[];
	share?: string;
	share_scope?: ShareScope;
	ip?: string;
	userAgent?: string;
	};

However depending on extensions and the logic involved, and as the type above states, do note that user and/or role could be null (eg. invoked by public or system, hence there's no "user"), so do make sure to add additional guards before accessing accountability.user.

You can then use the user ID in accountability.user via a UsersService.readOne(<user-id>) call. Here's an example:

export default (router, { services, exceptions }) => {
	const { UsersService } = services;
	const { ForbiddenException, ServiceUnavailableException } = exceptions;

	router.get('/', (req, res, next) => {
		// this ensures public or unauthenticated calls will get forbidden error
		if (!req.accountability?.user) return next(new ForbiddenException());

		const usersService = new UsersService({ schema: req.schema, accountability: req.accountability });

		usersService
			.readOne(req.accountability.user)
			.then((result) => {
				res.json(result); // returns json containing the user detail
			})
			.catch((error) => {
				return next(new ServiceUnavailableException(error.message));
			});
	});
}

[erondpowell]

@rokdd Thanks for noting that, adding it to the todo list.

[bhagya1101]

However depending on extensions and the logic involved, and as the type above states, do note that user and/or role could be null (eg. invoked by public or system, hence there's no "user"), so do make sure to add additional guards before accessing accountability.user.

What do you mean by adding additional guards.. I am getting user and role "null" in accountability. What should I do?? I am stuck for three days

[azrikahar]

@bhagya1101 in OP's use case, they are looking to get the details of the current authenticated user in a custom API endpoint. However note that any endpoint by default can be accessed publicly, so there may not be an authenticated user, which is why we should handle the scenario of unauthenticated requests. If you are getting null user and role in accountability, it would mean the request is not authenticated.

What do you mean by adding additional guards..

In my code example above, the "guard" would be responding with forbidden error when there are no accountability:

                // this ensures public or unauthenticated calls will get forbidden error
		if (!req.accountability?.user) return next(new ForbiddenException());

[bhagya1101]

OK thanks,
So is there any way to make request authenticated.?? I just want the user id that is currently logged in
I am somewhat new to Directus. So, please bear with me for silly questions.

[azrikahar]

So is there any way to make request authenticated.??

You can refer to the docs here to add access token either via query parameter or Authorization header: https://docs.directus.io/reference/authentication.html#access-tokens

I just want the user id that is currently logged in

accountability.user will contain the user ID once the request is authenticated, so you should be good to go 👍