authenticate_user

Authenticate users with email and password credentials for PocketBase database access, supporting both regular user collections and admin authentication.

Instructions

Authenticate a user with email and password

Input Schema

TableJSON Schema

Name	Required	Description	Default
`email`	Yes	User email
`password`	Yes	User password
`collection`	No	Collection name (default: users)	users
`isAdmin`	No	Whether to authenticate as an admin (uses _superusers collection)

Implementation Reference

src/index.ts:878-909 (handler)

The handler function that performs user authentication using PocketBase's authWithPassword method. Supports regular users and admin authentication via environment variables.

private async authenticateUser(args: any) {
  try {
    // Use _superusers collection for admin authentication
    const collection = args.isAdmin ? '_superusers' : (args.collection || 'users');
    
    // For admin authentication, use environment variables if email/password not provided
    const email = args.isAdmin && !args.email ? process.env.POCKETBASE_ADMIN_EMAIL : args.email;
    const password = args.isAdmin && !args.password ? process.env.POCKETBASE_ADMIN_PASSWORD : args.password;
    
    if (!email || !password) {
      throw new Error('Email and password are required for authentication');
    }
    
    const authData = await this.pb
      .collection(collection)
      .authWithPassword(email, password);
    
    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify(authData, null, 2),
        },
      ],
    };
  } catch (error: unknown) {
    throw new McpError(
      ErrorCode.InternalError,
      `Authentication failed: ${pocketbaseErrorMessage(error)}`
    );
  }
}

src/index.ts:307-330 (schema)

Input schema defining the parameters for the authenticate_user tool, including email, password, optional collection, and isAdmin flag.

inputSchema: {
  type: 'object',
  properties: {
    email: {
      type: 'string',
      description: 'User email',
    },
    password: {
      type: 'string',
      description: 'User password',
    },
    collection: {
      type: 'string',
      description: 'Collection name (default: users)',
      default: 'users'
    },
    isAdmin: {
      type: 'boolean',
      description: 'Whether to authenticate as an admin (uses _superusers collection)',
      default: false
    }
  },
  required: ['email', 'password'],
},

src/index.ts:304-331 (registration)

Tool registration in the ListTools response, including name, description, and input schema.

{
  name: 'authenticate_user',
  description: 'Authenticate a user with email and password',
  inputSchema: {
    type: 'object',
    properties: {
      email: {
        type: 'string',
        description: 'User email',
      },
      password: {
        type: 'string',
        description: 'User password',
      },
      collection: {
        type: 'string',
        description: 'Collection name (default: users)',
        default: 'users'
      },
      isAdmin: {
        type: 'boolean',
        description: 'Whether to authenticate as an admin (uses _superusers collection)',
        default: false
      }
    },
    required: ['email', 'password'],
  },
},

src/index.ts:683-684 (registration)
Dispatcher case in the CallToolRequest handler that routes calls to the authenticateUser method.
```
case 'authenticate_user':
  return await this.authenticateUser(request.params.arguments);
```

PocketBase MCP Server