Custom Auth and Token Based Auth

Ok, so there’s Token Based Auth as a plugin and now there’s Custom Auth under the Data & API.

There seems to be very little as far as how they both operate, but I’ve been playing around with the new Custom Auth, trying to get it to work and running into some issues/questions.

First, what’s the benefit/drawback of Custom Auth over Token Based Auth (TBA)? Is something spun up on the WeWeb back-end to handle the Custom Auth? It seems like it’s just storing a session.

I’m trying to integrate my project with Better-Auth and the API call to get the session works great, however when I try to store that information in the WeWeb user is when I’m running into issues. With TBA the Fetch User doesn’t seem to do anything and the store token doesn’t let you write to the “user” object within the TBA plugin (tried to use JavaScript, but had trouble on that as well).

With the Custom Auth it seems like we have a couple more options for what and how to store those details, but when the workflow indicates success on Authenticate or Set User I can’t find the variables in the platform (the token is in the ww-auth-session in the session storage).

Would love a tutorial or guidance on how to use these and what values/structure they each expect. Also, how does this interact with pages that Private Access is set to “Authenticated Users”?

Thanks!

Hi @esowers ,

Indeed, there isn’t a huge difference. The main thing is how you store the user and how you secure your WeWeb backend views and endpoints.

For the sign-in, you simply use the Authenticate action to store tokens. You will see that you can create “On user load” triggers there, which is the main difference. These triggers run when authentication is triggered and on private pages, private endpoints, or views, if you are using the WeWeb backend.

There you’ll be able to set the user object as you want:

We don’t display the user variable anymore, we must fix this. But, you should see user data in the data explorer when you bind.

It’s a different workflow on the backend side, because the context could be different:

I hope that helps and answers your question.

As we are iterating on this, could you tell us what you would like to have, or what is missing for you?

Flo,

Thanks for the reply and pictures.

Ahh, I found the user’s details under the Data & API in the On User Load workflow. I was having issues with the front end (which I think is what you were referring to fixing). That would be amazing if that could be fixed. I can submit a bug request on that.

I think my biggest questions with both the Custom Auth and the Token Based Auth have been understanding how it works and where the user data is stored. The documentation seems to be a little light there, an example setup would be super helpful there.

For my particular use case I am building an app that has a little more granular permissions where users can create new roles for their team and select the permissions for that particular team. Previously this type of setup hasn’t really been possible with the default auth methods in WeWeb (unless I missed something). My approach has been to store an array in the User object of the permissions the user has in order to use that on the front end (permissions are verified on the back end before any edits happen). I would love to see that flexibility in the auth app, but completely understand that that gets quite complex and doesn’t fit most use cases.

Anyway, looking forward to that fix on the Auth. Thanks to you and your team for all the improvements!

@flo ,

One other thing I realized. The Custom Auth under the Data & API appears to be dependent on a WeWeb backend server being set up. Is that correct?

I’m using my own backend and don’t really want to also be dependent on WeWeb’s backend (at least for this project). The thing I like about the Custom Auth is that it allows me to set the Authenticated User’s user object with bindable values, however the previous Token Based Auth is reliant on the “Fetch User” action, which is very limited and there are no bindable values (and most of the time doesn’t work because my auth structure is different than what it expects).

Is there a way to either 1) use the Custom Auth without the WeWeb backend? or 2) get an upgrade to the Token Based Auth so that the “Fetch User” works similar to the “Authenticate” action in Custom Auth.

I’ve attempted to use Custom Javascript to set the Token Based Auth user object, but have not been able to successfully set that.

Thanks!