Skip to main content
authUser returns the profile of the end-user signed in to the workspace, drawn from the workspace’s per-workspace user pool managed by the end-user identity service. It takes no arguments — it reads from the active session. By the end of this page you can gate a block by role, pre-fill a form with the user’s email, or pipe user context into another capability call. The user pool is auto-provisioned for every workspace; you do not configure the identity service directly.

Invoke from a block

Most uses of authUser are inline references to its output fields rather than a standalone invocation. A common pattern is gating a block on a role:
admin-panel.json
{
  "block": "DetailPanel",
  "props": {
    "schema_table": "admin_config",
    "visible_if": "authUser.roles contains 'admin'"
  }
}
Another is pre-filling a Form field with the signed-in user’s email:
support-form.json
{
  "block": "Form",
  "props": {
    "schema_table": "support_tickets",
    "fields": ["subject", "body"],
    "prefill": {
      "email": "authUser.email"
    },
    "on_submit": {
      "capability": "sendEmail",
      "args": {
        "template": "support-ticket",
        "to": "support@acme.com",
        "variables": {
          "user_email": "authUser.email"
        }
      }
    }
  }
}
The runtime resolves authUser.* references against the active session before dispatching the outer capability. If no user is signed in, the reference evaluates to null and visible_if blocks hide themselves.

Inputs

authUser accepts no arguments. It reads entirely from the active session context.

Outputs

The capability returns null when no user is signed in. When a user is signed in, the result contains:
On public pages that can render for unauthenticated visitors, always check for null before accessing a field. Use a visible_if guard on any block whose render depends on authUser, or you will get a runtime error when a logged-out visitor lands on the page.

Provisioning

No manual setup. Every workspace has a user pool auto-provisioned on the end-user identity service. User accounts, role assignments, and metadata are managed through the workspace’s authentication settings in the Builder.

Error codes

Every error returns the standard envelope:

runQuery

Query the workspace’s Postgres database — row-level access uses authUser’s session.

End-user auth guide

Configure sign-in, role assignment, and per-page authentication.