authUser returns the profile of the end-user signed in to the workspace, drawn from the workspace’s per-workspace user pool managed by the end-user identity service. It takes no arguments — it reads from the active session. By the end of this page you can gate a block by role, pre-fill a form with the user’s email, or pipe user context into another capability call. The user pool is auto-provisioned for every workspace; you do not configure the identity service directly.
Invoke from a block
Most uses ofauthUser are inline references to its output fields rather than a standalone invocation. A common pattern is gating a block on a role:
admin-panel.json
support-form.json
authUser.* references against the active session before dispatching the outer capability. If no user is signed in, the reference evaluates to null and visible_if blocks hide themselves.
Inputs
authUser accepts no arguments. It reads entirely from the active session context.
Outputs
The capability returnsnull when no user is signed in. When a user is signed in, the result contains:
On public pages that can render for unauthenticated visitors, always check for
null before accessing a field. Use a visible_if guard on any block whose render depends on authUser, or you will get a runtime error when a logged-out visitor lands on the page.Provisioning
No manual setup. Every workspace has a user pool auto-provisioned on the end-user identity service. User accounts, role assignments, and metadata are managed through the workspace’s authentication settings in the Builder.Error codes
Every error returns the standard envelope:Related
runQuery
Query the workspace’s Postgres database — row-level access uses
authUser’s session.End-user auth guide
Configure sign-in, role assignment, and per-page authentication.