Use the Token Based Auth to Store User Data

I’m building an application that connects to a custom API. I’ve created a login screen in my application where I can log my user with a REST API POST Request. When I execute the REST API, it works, it returns all the information about the user. Then in the same workflow, I create a step to Store Token, to which I bind the user token. However, all the other variables from the Token Based Auth stays empty. There’s a way to Get User (which isn’t working because the User variable in empty), but there’s no way to store all the user info in the {} user object. I also can’t find the way to change the variable isAuthenticated to true. Thank you in advance !

1 Like

It seems that it is not possible to set information in the authentication parameters of native plugins in WeWeb.

I had the same problem and I preferred to use Xano Auth to solve it since my backend is Xano.

1 Like

I’ve used the standard variables to do similar data storage; user (object), auth-token (text), is-authenticated (bool), etc. It’s sad, though, that this feature is built-in and supposed to do this, but not working. Does anyone at Weweb know what I am missing?

I haven’t tested it yet, but I am in the same exact boat. My suspicion is that the “getUser” call is what authenticates the system. I’m not 100% as I’m waiting on some tests. But I did notice after login, the devTools is showing a failed call. Perhaps this is what authenticates?

How do we flag the attention of the dev team or support? I’d like to know a bit more on how to set the “isAuthenticated” once the “Set Token” call is made.

Yeh, it sucks. I’m not sure how to make it work. I’ve finally decided to uninstall the Auth Token plugin and save info manually in variables. To flag it to their attention, you could use the Report a bug form, or otherwise hope someone from Weweb will answer us soon in this thread.

It feels like we might be using it wrong.

Because if we can’t authenticate the users, or set the isAuthenticated variable… this plug-in is useless or broken.

I wonder why they would spend time building and announcing it if it doesn’t even work?

I’m not sure to fully understand the problem :confused:

The content of the user object depends on what’s returned by the getMe endpoint (aka the fetch user action in workflows). You need your backend to setup what’ll be accessible inside it.

It’s impossible to add or remove data in the weweb auth plugin from your weweb app as modifying a user from the frontend that way would be a major security issue, as anybody would be able to modify any user…

The weweb auth plugin is intended for simple use-cases and as a starter, we strongly suggest using xano auth, auth0, token-based auth or supabase auth for complex use-cases.

Basically I’m just not sure how the Token Based Auth plugin works. I’m working for a company that has a backend with a custom API. There’s a /sign-in and /user/me endpoint where I can sign a user in, and when I do, it returns me all the info about the user (incl. an auth token). I store the token with the Store Token action. However, I’m not able to use the Fetch User action, it says access denied. In order to call the /users/me endpoint, I need to have the user token + the user email. I don’t see where I can enter the user email as a parameter.

@alexlem - There is a lot hidden behind the scenes we can’t see.

I was able to get it working. The Token Based Auth requires/relies on the User Endpoint being functional. Basically, if you pass it a URL that resolves, it’ll work.

The magic of setting the “isAuthenticated” is behind the scenes and relies on the /user and /refresh endpoints.

Ideally, it would be more relaxed than that and we could manually set the user and manually set “isAuthenticated” - but if you can manage to get those two endpoints working it works.