TUTORIAL – How to Setup Xano Authentication and Gate Content in WeWeb 🔐

Tutorials
, ,
1

In order to setup Xano authentication in your WeWeb project, there are three pre-requisites:

:white_check_mark: 1- you already have an account with Xano, it’s free for up to 10,000 records

:white_check_mark: 2- you have a user table in your Xano database with at least two fields: login and password

:white_check_mark: 3- you have the three authentication API endpoints in Xano

Let’s walk you through step 2 and 3 before we dive into the actual WeWeb setup :slightly_smiling_face:

Setup a User Table in Your Xano Database

Your user table should include at least two fields:

  • one field where you store the login, for example, a string field with a name or an email field with an email address, and
  • one field of field type “password” where you store the encrypted password.

table with password field in xano
table with password field in xano1920×700 71.5 KB

:warning: It’s important that you choose the field type “password” when creating your user table in Xano. :warning:

This will ensure that:

  • you can use Xano’s authentication API points, and that
  • the user input is encrypted when the user first creates an account with your web-app.

:zap: Pro tip: if you’re starting from scratch in Xano, you can use the “Starter” template in their Marketplace.

starter template in xano
starter template in xano1920×947 119 KB

Create Authentication API Endpoints in Xano

For Xano authentication to work, you need three API endpoints:

  1. signup
  2. login
  3. me

three auth endpoints in xano-api view
three auth endpoints in xano-api view1920×633 57 KB

If you’re using a Xano template that includes authentication, you’ll find these endpoints in the API sub-menu.

Otherwise, you’ll need to create these three endpoints yourself by going to “API” > “Add API Endpoint” > “Authentication”

create-auth-endpoints-xano

Copy Xano Authentication Endpoints Into WeWeb

In WeWeb, you’ll need to copy/paste the URL of each Xano API endpoint:

three auth endpoints in weweb
three auth endpoints in weweb1008×698 141 KB

:warning: Warning: the order in which endpoints are displayed in Xano may vary. Make sure to copy the correct URL in each WeWeb :warning:

Create Roles and Permissions

Adding Roles to Xano API Endpoint

In order to gate content in WeWeb based on user roles and permissions, you first need to create a role column in your Xano user base.

If you have a column with user roles in your Xano user base, you will be able to add it to the output of your me endpoint:
add role ro me output in xano auth

Once you’ve added roles to the output of the me endpoint of your Xano auth, you can add them to WeWeb.

Telling WeWeb Where to Find the User Role Info in Xano

Here, it’s in the role column so that’s what we type in:

role in user info
role in user info702×570 24.3 KB

Then, you can add user groups where user roles match the data in Xano.

Adding User Groups in WeWeb

define-user-groups

Note that user role categories in Xano match the user roles in WeWeb:

User roles in Xano

user roles in xano
user roles in xano1920×501 48.4 KB

User roles in WeWeb

define user groups in weweb
define user groups in weweb708×908 118 KB

Gate Content Based on User Roles

Once you’ve setup user roles in WeWeb, you can Manage access to pages
and define rules for Private access:

gate-content-with-xano-roles

3 Likes
2

Login part works great.
I am getting an error on sign ups after following all the steps. Any guidance?

Screen Shot 2022-11-14 at 9.12.49 AM
Screen Shot 2022-11-14 at 9.12.49 AM1473×599 94 KB

3

Hi @carri :wave:

Can you check the message under response?

image
image1600×993 223 KB

My guess is that the password you chose doesn’t match the requirements that are setup in Xano but I could be wrong.

Another way to check would be to use Xano’s run & debug function with the same email, password.

3 Likes
4

Roles and permissions…, this tutorial is not for starter pack isn’t it?

5

I wasn’t sending the role info to Xano. It now works.

1 Like
6

Hi @Joyce, my sign up xano form includes more than the 3 standard form fields (company field). However by default the workflow sign up xano includes only email, pass and name. Is there a way to add more fields?

image
image1647×577 81.1 KB

1 Like
7

Hi @dimbell :wave:

You won’t be able to do it with the Xano Auth actions because the email, password, name inputs are hardcoded but you can do it with the REST API plugin:

CleanShot 2022-11-22 at 11.42.44@2x
CleanShot 2022-11-22 at 11.42.44@2x1920×950 113 KB

In our action, we set up our signup API call (1) then we get the user’s authentication token (2)

1 Like
8

Hi @Joyce

Could you please point me in the right direction?

I’m storing roles and permissions in a separate table in Xano and using the +Addon feature to return the user roles in the output when I call the auth/me endpoint.

What format do I need to reference the ‘Role key’ in step 4. of the Xano Auth configuration? I tried using dot notation but didn’t have any luck.

Thanks

image
image920×1454 147 KB

9

Hi folks,

Just looking for confirmation that the user role MUST be stored within the /User table, and not just passed in the auth/me response using Xano’s +Addon feature?

I’m having difficulty understanding how the Private access settings will be applied as I’m just working in the editor mode at the moment.

It would be ideal if the ‘User role configuration’ [Role key] could just be bound to the auth/me response in the same way the other collections are configured. Then I instinctively know that the role it will grab will be correct.
image

Before going and reconfiguring some of my database tables I hope to be able to clarify the above question.

For context;

  • I am currently storing ‘role’ on a relational table called company_has_user.

  • A user can belong to multiple companies with different roles for each company.

  • When a logged in user toggles between their different company accounts, their permissions for that company should take immediate effect.

  • When a user logs in, they are granted the role set by the company account they were last logged in with.

  • If a company administrator changes the user’s role, the update occurs within the relational table and not the User table. Therefore, not overriding their permissions within a users existing or other accounts.

Appreciate the confirmation, and if so, I’ll proceed with some workarounds.

10

Hey @MichaelLovell, apologies for the late reply.

I was able to do it by creating an Add-on in Xano that’s a list of items (so not a single item):

CleanShot 2023-02-22 at 22.52.46@2x
CleanShot 2023-02-22 at 22.52.46@2x1184×1256 53 KB

And telling WeWeb the role type was in a List of objects (so not a text):

CleanShot 2023-02-22 at 22.53.23@2x
CleanShot 2023-02-22 at 22.53.23@2x1680×1418 189 KB

Here’s a long-ish video I recorded for you on the topic. Let me know if it helps. I’ll try to record a more structured tutorial later :slight_smile:

1 Like
11

@Joyce you are powering through the forum today. :woman_superhero: :raised_hands:

Greatly appreciated! I will give that method a try.

2 Likes
12

Haha yes! :smile: And by the way, I checked after recording the video: you do need to make sure the add-on output is named role and not _role in Xano and the Role key in WeWeb in step 4 of the plugin config is also role

1 Like
13

Hello @Joyce I am trying to set up a Gate content for a project I’m working on. I am using Xano auth and followed the above tutorial to set the user roles.
I am trying to test the the Gate content in preview mode and it does not work. Is it because it’s preview and not a live app?
Thx for the help

1 Like
14

Yes, you’ll need to test on a published app (in staging or in production) because in the editor, we allow you to access all the pages of the project.

2 Likes
15

Alright thank you for the answer!

1 Like
16

Very Informative and briefly explained step-wise.

1 Like
17

I have followed the tutorial above, I’m on the basic login page trying to setup basic login using the xano plugin,

I’ve also tested the username and password in xano. And it gives the auth token.

When I bind username and same password and test in weweb using xano plugin using the ‘xano login’ and workflow actions it gives 403 error.

I’m using details for jane@email.com. As I’m trying to follow the level 2 tutorial.

When I make the REST API request it works.

It gives 403 ERROR. says invalid credentials, payload.

image
image2016×1512 1.02 MB

18

Hi @Dervish99 :wave:

Let me see if I got this right:

  • when you test the login endpoint in Xano using jane@email.com and a password, you get an auth token
  • when you test the login endpoint in WeWeb using the REST API plugin, you also get an auth token
  • but when you test the login action of the Xano Auth plugin in WeWeb, you get a 403 error

Is that correct?

First thought is maybe the Xano Auth plugin is not referencing the correct Xano instance or the correct endpoint. For example, here I am referencing my free instance and the login endpoint in the basic-auth path:

CleanShot 2023-09-04 at 17.05.30@2x
CleanShot 2023-09-04 at 17.05.30@2x1340×1332 103 KB

But in Xano I could be testing an endpoint in the auth path:

CleanShot 2023-09-04 at 17.06.47@2x
CleanShot 2023-09-04 at 17.06.47@2x1678×512 47.9 KB

That could be one explanation.

Otherwise, in the screenshot you shared, towards the bottom, you see Xano’s response with status: 403. Could you unfold the data object and share a screenshot of the message that comes with the response?

That will give us a little more information to investigate :slight_smile: