Hey everyone,
I’m working on an app where users log in through a Xano backend. I’ve got a login flow that works:
- I send email/password to my Xano /auth/login endpoint.
- The token returned gets stored in localStorage and mirrored into a WeWeb variable (authToken).
- I also fetch /auth/me to grab user details and figure out which portal (student, scheduler, executive, etc.) they should land on.
That part works fine.
The problem: once the user navigates to another page, the other pages don’t seem to “know” they’re authenticated. The token exists in localStorage, but unless I explicitly re-sync or re-validate it, the page just acts as if the user isn’t logged in. That forces me to add a guard/check on each page load, which feels a little clunky and it still does not work.
So right now I’ve got:
- A global auth utility that stores and clears the token.
- A login workflow that sets both localStorage and a WeWeb variable.
- An app-level init workflow to reload the token on refresh.
- Page-level guards that check the token against /auth/me and redirect based on role.
My question:
Is there a simpler or more “native” way to persist authentication and enforce role-based access across pages in WeWeb, without manually handling localStorage + variables + guards on every page?
Would love to hear how others are structuring this — especially if you’ve got a cleaner pattern for:
- Persisting tokens across navigation
- Automatically attaching Authorization: Bearer … headers
- Protecting pages by role without copy/pasting guard logic
Thanks in advance for any insights!
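
The flow described in the post (store the token, attach the Authorization: Bearer header, check /auth/me, redirect by role) gathered into one module with a single guard, as an added example that is not part of the original post and not a WeWeb or Xano API. The names createAuth and resolveRoute, the route tables, the localStorage key, and the `authToken` and `role` response fields are assumptions.

```javascript
// Added example. createAuth, resolveRoute, ROLE_HOME and PAGE_ROLES are hypothetical
// names; storage and fetchImpl are injected (localStorage and fetch in a browser).
const TOKEN_KEY = "authToken"; // assumed localStorage key
const ROLE_HOME = { student: "/student", scheduler: "/scheduler", executive: "/executive" };
// Roles allowed per page (assumed mapping), kept in one place instead of per-page copies.
const PAGE_ROLES = {
  "/student": ["student"],
  "/scheduler": ["scheduler", "executive"],
  "/executive": ["executive"],
};

// Pure decision: the path this user should end up on when asking for `page`.
// Pages missing from PAGE_ROLES are denied and fall back to the role's home.
function resolveRoute(user, page) {
  if (!user) return "/login";
  const allowed = PAGE_ROLES[page];
  if (allowed && allowed.includes(user.role)) return page;
  return ROLE_HOME[user.role] || "/login";
}

function createAuth({ baseUrl, storage, fetchImpl }) {
  // Every API call goes through here, so the Bearer header is attached in one place.
  async function apiFetch(path, options = {}) {
    const token = storage.getItem(TOKEN_KEY);
    const headers = { ...(options.headers || {}) };
    if (token) headers.Authorization = `Bearer ${token}`;
    const res = await fetchImpl(baseUrl + path, { ...options, headers });
    if (res.status === 401) storage.removeItem(TOKEN_KEY); // expired or revoked token
    return res;
  }
  async function login(email, password) {
    const res = await fetchImpl(baseUrl + "/auth/login", {
      method: "POST", headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password }),
    });
    if (!res.ok) return false;
    const { authToken } = await res.json(); // assumed response field name
    storage.setItem(TOKEN_KEY, authToken);
    return true;
  }
  // Single guard for every page load: re-validates the stored token via /auth/me.
  async function guard(page) {
    if (!storage.getItem(TOKEN_KEY)) return "/login";
    const res = await apiFetch("/auth/me");
    return resolveRoute(res.ok ? await res.json() : null, page);
  }
  return { apiFetch, login, guard };
}
```

The guard only decides navigation in the browser; what each role can read or change is decided by the backend endpoints that check the token.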