appwrite · gewenyu99 · Feb 4, 2024 · Jan 30, 2024 · Jan 30, 2024 · Jan 31, 2024
diff --git a/src/partials/auth-security.md b/src/partials/auth-security.md
@@ -12,9 +12,11 @@ Password dictionary can be enabled in the Auth service's **Security** tab on the
 
 # Password hashing  {% #password-hashing %}
 Appwrite protects passwords by using the [Argon2](https://github.com/P-H-C/phc-winner-argon2) password-hashing algorithm.
-Argon 2 is a resilient and secure password hashing algorithm, which is also the winner of the [Password Hashing Competition](https://www.password-hashing.net/)
+Argon 2 is a resilient and secure password hashing algorithm, which is also the winner of the [Password Hashing Competition](https://www.password-hashing.net/).
 Appwrite combines Argon 2 with the use of techniques such as salting, adjustable work factors, and memory hardness to securely handle passwords.
 
+If an user is imported into Appwrite with hash differnt than Argon2, the password will be re-hashed on first successful user's sign in. This ensures all passwords are stored as securely as possible.
+
 # Personal data  {% #personal-data %}
 
 Encourage passwords that are hard to guess by disallowing users to pick passwords that contain personal data.

diff --git a/src/routes/docs/advanced/platform/+page.markdoc b/src/routes/docs/advanced/platform/+page.markdoc
@@ -68,6 +68,6 @@ Configure custom domains and customize communication templates.
 Add a custom domain for your Appwrite APIs.
 {% /cards_item %}
 {% cards_item href="/docs/advanced/platform/message-templates" title="Message templates" %}
-Create custom branding and messages when you communicate with users..
+Create custom branding and messages when you communicate with users.
 {% /cards_item %}
 {% /cards %}
diff --git a/src/routes/docs/apis/graphql/+page.markdoc b/src/routes/docs/apis/graphql/+page.markdoc
@@ -106,8 +106,8 @@ If no errors occur, the array will not be present in the response.
 # Authentication {% #authentication %}
 
 GraphQL authenticates using Appwrite accounts and sessions. 
-Both accounts and sessions can be created with GraphQL using the `accountCreate`, `accountCreateEmailSession`, 
-`accountCreateAnonymousSession`, or `accountCreatePhoneSession` mutations.
+Both accounts and sessions can be created with GraphQL using the `accountCreate`, `accountCreateEmailPasswordSession`, 
+`accountCreateAnonymousSession`, or `accountCreatePhoneToken` mutations.
 
 More information and examples of authenticating users can be found in the dedicated [authentication guide](/docs/products/auth).
 

diff --git a/src/routes/docs/products/auth/+layout.svelte b/src/routes/docs/products/auth/+layout.svelte
@@ -61,6 +61,10 @@
 					label: 'Magic URL login',
 					href: '/docs/products/auth/magic-url'
 				},
+				{
+					label: 'Email OTP login',
+					href: '/docs/products/auth/email-otp'
+				},
 				{
 					label: 'OAuth 2 login',
 					href: '/docs/products/auth/oauth2'
@@ -73,6 +77,10 @@
 					label: 'JWT login',
 					href: '/docs/products/auth/jwt'
 				},
+				{
+					label: 'Custom token login',
+					href: '/docs/products/auth/custom-token'
+				},
 				{
 					label: 'Multi-factor authentication',
 					href: '/docs/products/auth/mfa'

diff --git a/src/routes/docs/products/auth/accounts/+page.markdoc b/src/routes/docs/products/auth/accounts/+page.markdoc
@@ -12,17 +12,19 @@ Each user's account can also have their own preference object, which you can use
 
 # Signup and login {% #signup-login %}
 
-You can signup and login a user with an account create through 
-[email password](/docs/products/auth/email-password),
-[phone (SMS)](/docs/products/auth/phone-sms),
-[Anonymous](/docs/products/auth/anonymous),
-[magic URL](/docs/products/auth/magic-url), and
-[OAuth 2](/docs/products/auth/oauth2)
-authentication.
+You can signup and login a user with an account created through 
+[Email and password](/docs/products/auth/email-password), 
+[OAuth 2](/docs/products/auth/oauth2), 
+[Magic URL](/docs/products/auth/magic-url), 
+[Email OTP](/docs/products/auth/email-otp), 
+[Phone (SMS)](/docs/products/auth/phone-sms), 
+and [Anonymous](/docs/products/auth/anonymous) authentications.
+
+You can also use [Custom token](/docs/products/auth/custom-token) to implement your own authentication flow, or integrate with any external provider.
 
 # Preferences {% #preferences %}
 
-You can store user preferences on a user's account using Appwrite's [Update Preferences](/docs/references/cloud/client-web/account#updatePrefs) endpoint. You can store preferences such as theme, notification settings, or preferred language so they can be synced across multiple devices.
+You can store user preferences on a user's account using Appwrite's [Update preferences](/docs/references/cloud/client-web/account#updatePrefs) endpoint. You can store preferences such as theme, notification settings, or preferred language so they can be synced across multiple devices.
 
 Preferences are stored as a key-value JSON object. The maximum allowed size for preferences is 64kB, and an error will be thrown if this limit is exceeded.
 
@@ -108,7 +110,7 @@ mutation {
 ```
 {% /multicode %}
 
-After a user's preferences are updated, they can be retrieved using the [get account preferences](/docs/references/cloud/client-web/account#getPrefs) endpoint.
+After a user's preferences are updated, they can be retrieved using the [Get preferences](/docs/references/cloud/client-web/account#getPrefs) endpoint.
 
 {% multicode %}
 ```js 

diff --git a/src/routes/docs/products/auth/anonymous/+page.markdoc b/src/routes/docs/products/auth/anonymous/+page.markdoc
@@ -10,7 +10,7 @@ Anonymous sessions allow you to implement **guest** users. Guest users let you s
 
 # Create anonymous session {% #createSession %}
 
-Create an anonymous session with [Create Anonymous Session](/docs/references/cloud/client-web/account#createAnonymousSession) route.
+Create an anonymous session with [Create Anonymous Session](/docs/references/cloud/client-web/account#createAnonymousSession) endpoint.
 
 {% multicode %}
 ```js
@@ -78,7 +78,7 @@ mutation {
 
 # Attaching an account {% #attach-account %}
 
-Anonymous users cannot sign back in. If the session expires, they move to another computer, or they clear their browser data, they won't be able to log in again. Remember to prompt the user to create an account to not lose their data.
+Anonymous users cannot sign back in. If the session expires, they move to another computer, or they clear their browser data, they won't be able to log in again. Remember to prompt the user to claim an account to not lose their data.
 
 Create an account with any of these methods to transition from an anonymous session to a user account session.
 

diff --git a/src/routes/docs/products/auth/custom-token/+page.markdoc b/src/routes/docs/products/auth/custom-token/+page.markdoc
@@ -0,0 +1,53 @@
+---
+layout: article
+title: Custom token login
+description: Limitless authentication flow in Appwrite. Find out how to implement custom authentication flow or connect to 3rd party authentication providers.
+---
+
+Tokens are short-lived secrets created by an [Appwrite Server SDK](/docs/sdks#server) that can be exchanged for session by a [Client SDK](/docs/sdks#client) to log in users. You may already be familiar with tokens if you checked out [Magic URL login](/docs/products/auth/magic-url), [Email OTP login](/docs/products/auth/email-otp) or [Phone (SMS) login](/docs/products/auth/phone-sms).
+
+Custom token allows you to use [Server SDK](/docs/sdks#server) to generate tokens for your own implementations. This allows you to code your own authentication methods using Appwrite Functions or your own backend. You could implement username and password sign-in, captcha-protected authentication, phone call auth, and much more. Custom tokens also allow you to skip authentication which is useful when you integrate Appwrite with external authenticaion providers such as Auth0, TypingDNA, or any provider trusted by your users.
+
+# Create custom token {% #create-custom-token %}
+
+Once you have your server endpoint prepared either in an Appwrite Function or a server integration, you can use the [Create token](/docs/references/cloud/server-node/users#createToken) endpoint of the [Users API](/docs/products/auth/users) to generate a token.
+
+```js
+import { Client, Users } from "node-appwrite";
+
+const client = new Client()
+    .setEndpoint('https://cloud.appwrite.io/v1') // Your API Endpoint
+    .setProject('<PROJECT_ID>');               // Your project ID
+    .setKey('<API_KEY>');                    // Your secret API key
+
+const users = new Users(client);
+
+const token = await users.createToken('[USER_ID]');
+
+console.log(token.secret);
+```
+
+The newly created token includes a secret which is 6 character long hexadecimal string. You can configure length of the secret and expiry when creating a token.
+
+If you are integrating with external authentication providers or implementing your own authentication, make sure to validate user authenticated properly before generating a token for them.
+
+If you are implementing token-based authentication flow, share the token secret with user over any channel of your choice instead of directly giving it to him in the response.
+
+If the client doesn't know the user's ID during authentication, we recommend to directly return user ID to the client as part of this step. If necessary, you can check if the user with an user ID exists first, and create a new user if needed.
+
+# Login {% #login %}
+
+Once the client receives a token secret, we can use it to authenticate the user in the application. Use the [Client SDK's](/docs/sdks#client) [Create session endpoint](/docs/references/cloud/client-web/account#createSession) to exchange the token secret for a valid session, which logs the user.
+```js
+import { Client, Account } from "appwrite";
+
+const client = new Client()
+    .setEndpoint('https://cloud.appwrite.io/v1') // Your API Endpoint
+    .setProject('<PROJECT_ID>');               // Your project ID
+
+const account = new Account(client);
+
+await account.createSession('[USER_ID]', '[SECRET]');
+```
+
+When the session is successfully created, the session is stored in a persistent manner and you can now do requests as authorized user from the application.