EdwinN1337
05/20/2022, 10:36 AM
authentication solution but we are searching for a more secure solution with session management 😉
the only thing that's not really clear to me is if we can use our existing UI. We have a multistep register form built with chakra-ui/react-hook-form?
nkshah2
05/20/2022, 10:37 AM
EdwinN1337
05/20/2022, 10:45 AM
nkshah2
05/20/2022, 10:54 AM
EdwinN1337
05/20/2022, 11:37 AM
nkshah2
05/20/2022, 11:45 AM
EdwinN1337
05/20/2022, 2:38 PM
`rid=emailpassword` no luck either
nkshah2
05/21/2022, 2:08 AM
EdwinN1337
05/23/2022, 8:11 AM
`rid`
nkshah2
05/23/2022, 8:12 AM
EdwinN1337
05/23/2022, 10:39 AM
```js
Passwordless.init({
  flowType: 'MAGIC_LINK',
  contactMethod: 'EMAIL',
  validateEmailAddress: async (email) => {
    //validate email
    console.log('validateEmailAddress', email)
    return 'OK'
  },
  createAndSendCustomEmail: async ({ email, urlWithLinkCode }) => {
    await sendEmail({
      to: email,
      emailMarkup: emailMarkup({ url: urlWithLinkCode }),
      subject: 'Inloggen bij De Lokalist',
    })
  },
}),
```
The validateEmailAddress method is called before createAndSendCustomEmail
nkshah2
05/23/2022, 10:55 AM
`validateEmailAddress` returns a `string` or `undefined`. If you return a `string` the SDK assumes there was a validation error and uses the string as the error message. Returning `undefined` means that the email is valid
EdwinN1337
05/23/2022, 11:29 AM
nkshah2
05/23/2022, 11:29 AM
EdwinN1337
05/23/2022, 11:46 AM
nkshah2
05/23/2022, 11:48 AM
EdwinN1337
05/23/2022, 11:50 AM
nkshah2
05/23/2022, 11:50 AM
EdwinN1337
05/23/2022, 11:52 AM
```
dashboard:dev: 2022-05-23T11:49:53.446Z com.supertokens {t: "2022-05-23T11:49:53.446Z", message: "session init: refreshTokenPath: /api/auth/session/refresh", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\recipe\session\recipe.js:168:18" sdkVer: "9.2.1"}
dashboard:dev: 2022-05-23T11:49:53.446Z com.supertokens {t: "2022-05-23T11:49:53.446Z", message: "session init: sessionExpiredStatusCode: 401", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\recipe\session\recipe.js:171:18" sdkVer: "9.2.1"}
dashboard:dev: 2022-05-23T11:49:53.463Z com.supertokens {t: "2022-05-23T11:49:53.463Z", message: "middleware: Started", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\supertokens.js:158:26" sdkVer: "9.2.1"}
dashboard:dev: 2022-05-23T11:49:53.464Z com.supertokens {t: "2022-05-23T11:49:53.464Z", message: "middleware: requestRID is: undefined", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\supertokens.js:172:26" sdkVer: "9.2.1"}
dashboard:dev: 2022-05-23T11:49:53.464Z com.supertokens {t: "2022-05-23T11:49:53.464Z", message: "middleware: Checking recipe ID for match: passwordless", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\supertokens.js:220:34" sdkVer: "9.2.1"}
dashboard:dev: 2022-05-23T11:49:53.465Z com.supertokens {t: "2022-05-23T11:49:53.465Z", message: "middleware: Not handling because no recipe matched", file: "C:\Users\edwin\Desktop\Projects\lokalist-monorepo-v2\node_modules\supertokens-node\lib\build\supertokens.js:243:30" sdkVer: "9.2.1"}
```
nkshah2
05/23/2022, 11:54 AM
Started SuperTokens with debug logging (supertokens.init called)
EdwinN1337
05/23/2022, 11:54 AM
nkshah2
05/23/2022, 11:58 AM
"apiBasePath":"/api/auth","websiteBasePath":"api/auth"
You shouldn't use the same base paths for both the website and the api layer since you are using NextJs
- The `rid` header in the request headers should match the recipe you are trying to use
- Once you click on the magic link, on your frontend you will need to call the `/consume` route for Passwordless (https://app.swaggerhub.com/apis/supertokens/FDI/1.13.2#/Passwordless%20Recipe/passwordlessSignInUpConsume). The API expects a `linkCode` which is the location hash after you click on the magic link
EdwinN1337
05/23/2022, 12:01 PM
nkshah2
05/23/2022, 12:02 PM
`/auth/verify` route on your frontend. That route can have a button "Confirm" or something similar and then when the user clicks it you can call the `/consume` API
EdwinN1337
05/23/2022, 12:06 PM
`linkCode`? (not really sure if I get that)
nkshah2
05/23/2022, 12:06 PM
EdwinN1337
05/23/2022, 12:09 PM
`getLinkDomainAndPath`
nkshah2
05/23/2022, 12:10 PM
EdwinN1337
05/23/2022, 12:10 PM
nkshah2
05/23/2022, 12:11 PM
EdwinN1337
05/23/2022, 12:13 PM
- Once you click on the magic link, on your frontend you will need to call the /consume route for Passwordless (https://app.swaggerhub.com/apis/supertokens/FDI/1.13.2#/Passwordless%20Recipe/passwordlessSignInUpConsume). The API expects a linkCode which is the location hash after you click on the magic link
Blegh, not sure if I get this right >
shouldn't the middleware handle this link and redirect / close browser?
`/api/auth/verify`
Where do I build `Confirm` button?
nkshah2
05/23/2022, 12:39 PM
`/auth/verify`. On this page you can have a button that the user will click and then you will need to call the API manually
EdwinN1337
05/23/2022, 12:40 PM
/api/auth/verify?
auth/verify
nkshah2
05/23/2022, 12:41 PM
`/api/` because your `websiteBasePath` is `/api/auth`
EdwinN1337
05/23/2022, 12:43 PM
```js
appName: 'Lokalist Dashboard',
apiDomain: process.env.NEXT_PUBLIC_FRONTEND_URL,
websiteDomain: process.env.NEXT_PUBLIC_FRONTEND_URL,
apiBasePath: '/api/auth',
websiteBasePath: '/auth',
```
api/auth
nkshah2
05/23/2022, 12:44 PM
apiBasePath:"/api/auth",websiteBasePath:"api/auth"
EdwinN1337
05/23/2022, 12:45 PM
dashboard:dev: 2022-05-23T12:44:10.053Z com.supertokens {t: "2022-05-23T12:44:10.053Z", message: "appInfo: {"appName":"Lokalist Dashboard","apiDomain":"http://localhost:4000","websiteDomain":"http://localhost:4000","apiBasePath":"/api/auth","websiteBasePath":"/auth"}",
nkshah2
05/23/2022, 12:46 PM
EdwinN1337
05/23/2022, 12:46 PM
nkshah2
05/23/2022, 12:46 PM
EdwinN1337
05/23/2022, 12:46 PM
nkshah2
05/23/2022, 12:46 PM
`/auth` and not `/api/auth`
EdwinN1337
05/23/2022, 12:49 PM
magic.link implementation from our dashboard to > supertokens
what's left is to replace custom auth from our ios/android/web apps (monorepo; capacitor / nextjs / hasura) stack
nkshah2
05/23/2022, 12:49 PM
EdwinN1337
05/23/2022, 12:50 PM
`http` plugin, (so no fetch or axios)
nkshah2
05/23/2022, 12:52 PM
EdwinN1337
05/23/2022, 1:17 PM
nkshah2
05/23/2022, 1:17 PM
`#` yes. You can use `window.location.hash` to access it easily
EdwinN1337
05/23/2022, 1:17 PM
nkshah2
05/23/2022, 1:18 PM
`#` symbol before sending it to the API
EdwinN1337
05/23/2022, 1:53 PM
`/{apiBasePath}/signup/email/exists`? Wait for response to have STATUS=OK, EXIST=true and if so, I can start using `import {getUserId, doesSessionExist} from 'supertokens-website'`?
nkshah2
05/23/2022, 1:59 PM
`doesSessionExist` is available to use at any time, after the sign in/up process is complete the function will return true
EdwinN1337
05/23/2022, 2:08 PM
```js
const { data } = useQuery(['session'], doesSessionExist, {
  enabled: isSubmitting,
  refetchInterval: 1000,
  onSuccess: (data) => {
    if (data) {
      setIsSubmitting(false)
    }
  },
})
```
nkshah2
05/23/2022, 2:10 PM