> ## Documentation Index > Fetch the complete documentation index at: https://docs.replyke.com/llms.txt > Use this file to discover all available pages before exploring further. # Auth > Sign users up, sign them in, manage tokens, and handle password resets from your server The `auth` module handles user authentication flows server-side. This is useful for custom onboarding pipelines, admin-initiated account creation, token introspection, and password management. All auth functions operate on behalf of your project. The caller is your server, authenticated via API key — not an end user. *** ### signUp Creates a new user account and returns credentials. ```typescript theme={null} const { user, accessToken, refreshToken } = await replyke.auth.signUp({ email: "user@example.com", password: "s3cur3P@ss", name: "Alice", username: "alice", }); ``` The user's email address. The user's plain-text password (hashed server-side). Display name for the user. Unique username. Must be available — check with `users.checkUsernameAvailability` first. Arbitrary key-value data attached to the user at creation time. **Returns** — `Promise<{ user: AuthUser; accessToken: string; refreshToken: string }>` *** ### signIn Authenticates an existing user and returns fresh credentials. ```typescript theme={null} const { user, accessToken, refreshToken } = await replyke.auth.signIn({ email: "user@example.com", password: "s3cur3P@ss", }); ``` The user's email address. The user's password. **Returns** — `Promise<{ user: AuthUser; accessToken: string; refreshToken: string }>` *** ### signOut Invalidates a refresh token, ending the user's session. ```typescript theme={null} await replyke.auth.signOut({ refreshToken }); ``` The refresh token to invalidate. **Returns** — `Promise` *** ### requestNewAccessToken Exchanges a valid refresh token for a new access token. ```typescript theme={null} const { accessToken } = await replyke.auth.requestNewAccessToken({ refreshToken, }); ``` A valid, non-expired refresh token. **Returns** — `Promise<{ accessToken: string }>` *** ### verifyExternalUser Verifies a signed JWT representing an externally-authenticated user and returns Replyke credentials. Use this when your application manages its own auth and you want to associate users with Replyke. ```typescript theme={null} const { user, accessToken, refreshToken } = await replyke.auth.verifyExternalUser({ userJwt: signedJwt, }); ``` A JWT signed with your project's signing secret, containing user identity claims. **Returns** — `Promise<{ user: AuthUser; accessToken: string; refreshToken: string }>` *** ### requestPasswordReset Sends a password reset email to the specified address. ```typescript theme={null} await replyke.auth.requestPasswordReset({ email: "user@example.com" }); ``` The email address to send the reset link to. **Returns** — `Promise` *** ### resetPassword Completes a password reset using a token from the reset email. ```typescript theme={null} await replyke.auth.resetPassword({ token: resetToken, newPassword: "newS3cur3P@ss", }); ``` The reset token from the password reset email link. The new password to set for the account. **Returns** — `Promise` *** ### verifyEmail Marks a user's email address as verified using a token from the verification email. ```typescript theme={null} await replyke.auth.verifyEmail({ token: verificationToken }); ``` The email verification token. **Returns** — `Promise`