store Auth Token in browser

With the @mnfst/sdk, is it possible to store the Auth Token in the browser, so the user doesn't always have to log in again with username and password?
7 Replies
brunobuddy 4mo ago
Hello @Waahnsinn, I updated the @mnfst/sdk so you can do it. From version 1.2.2 you can now:
const {token} = await manifest.login('users', 'user@manifest.build', 'passsword')
Thank you for your message!
fedehusk 3mo ago
Maybe we could also log in using just the token? Currently, with Astro I have to log in the user every time they are taken to another page. I made a small wrapper for this, but it would certainly be easier to handle it directly via the SDK
brunobuddy 3mo ago
Hello @fedehusk, when you use manifest.login(), the SDK automatically sets the token in the Authorization headers for all following requests. If you have to log in at each new page, it probably means that you are getting a new SDK instance each time. Do you initialize the SDK (const manifest = new Manifest()) in a service/shared singleton file?
fedehusk 2mo ago
Hi, sorry for the late reply! I didn't actually put it in a singleton, so it didn't work. However, since I don't want to pass data between different users, I need to use a different solution. Do you think something like this would be a good idea?
// DBsession.js
const sessions = new Map();
export function getManifest(sessionId) { return sessions.get(sessionId); }
export function setManifest(sessionId, manifest) { sessions.set(sessionId, manifest); }


// login
import Manifest from "@mnfst/sdk";
import { setManifest } from './../DBsession';
import { v4 as uuid } from 'uuid';

const manifest = new Manifest;
await manifest.login(...);

const sessionId = uuid();
setManifest(sessionId, manifest);
Astro.cookies.set('mani-sess', sessionId)


// panel
import { getManifest } from './../DBsession';

const sessionId = Astro.cookies.get('mani-sess')?.value;

const manifest = getManifest(sessionId);
if (!manifest) {
return new Response('Not logged in', { status: 401 });
}

const data = await manifest.from('admin').me();
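An added example, not part of fedehusk's post or of the Manifest SDK: the per-session wrapper above with an idle timeout, logout and restrictive cookie attributes. It assumes the pages are rendered on the server per request (where Astro.cookies is available); SESSION_TTL_MS, createSession, getSession, destroySession, sweepExpired and SESSION_COOKIE_OPTIONS are hypothetical names, and the 30-minute timeout is an assumed value.

```javascript
// Added example (hypothetical names); in a project these would be exported from DBsession.js.
// Web Crypto is global in current Node; older Node exposes it on node:crypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed idle timeout: 30 minutes
const sessions = new Map(); // sessionId -> { manifest, expiresAt }

// 256-bit random identifier, hex-encoded.
function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Store a logged-in SDK instance; the returned id is the only thing sent to the browser.
function createSession(manifest, now = Date.now()) {
  const sessionId = newSessionId();
  sessions.set(sessionId, { manifest, expiresAt: now + SESSION_TTL_MS });
  return sessionId;
}

// Look up the SDK instance for a cookie value; undefined if malformed, unknown or expired.
function getSession(sessionId, now = Date.now()) {
  if (typeof sessionId !== 'string' || !/^[0-9a-f]{64}$/.test(sessionId)) return undefined;
  const entry = sessions.get(sessionId);
  if (!entry) return undefined;
  if (entry.expiresAt <= now) {
    sessions.delete(sessionId); // expired: drop the instance that holds the token
    return undefined;
  }
  entry.expiresAt = now + SESSION_TTL_MS; // sliding expiry on each use
  return entry.manifest;
}

// Logout: forget the server-side instance (also delete the cookie in the page).
function destroySession(sessionId) {
  return sessions.delete(sessionId);
}

// Call periodically so abandoned sessions do not accumulate in memory.
function sweepExpired(now = Date.now()) {
  let removed = 0;
  for (const [id, entry] of sessions) {
    if (entry.expiresAt <= now) { sessions.delete(id); removed += 1; }
  }
  return removed;
}

// For Astro.cookies.set('mani-sess', sessionId, SESSION_COOKIE_OPTIONS)
const SESSION_COOKIE_OPTIONS = { httpOnly: true, secure: true, sameSite: 'lax', path: '/' };
```

The map lives in one process's memory, so sessions are lost on restart and are not shared between server instances.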
brunobuddy 2mo ago
@fedehusk are you using Astro as SSG? I do not really understand the need for authentication. What is DBsession?
fedehusk 2mo ago
Yup, Astro serves as SSG. I want my user to be logged in while using the website/app. When I use a singleton, Manifest is running on one instance for the app, but I want it to be one instance per user, so I can make operations as them. That's why I use the DBsession wrapper.
brunobuddy 2mo ago
@fedehusk I think there is a misconception about build time and run time. When building, Astro (or another framework) fetches the dynamic content to generate static pages. At this moment you should not need to log in if your data is public anyway, you should have public read policies (https://manifest.build/docs/access) on your entities. However, in your runtime JS (the one that is going to be bundled and executed on the client), using a service where you only instantiate the Manifest SDK once (const manifest = new Manifest()) will result in having one instance/session per client or user, so API requests should not return 403 errors once logged in.