M
Manifest5mo ago
Ian

Token Auth not automatically getting stored as a cookie

How is the login supposed to work? Because when I call loginUser, I get a response with a token but I don't get a cookie back. 
loginUser(email, password) {
    try {
        await manifest.login("users", email, password);
        return true;
    } catch (error) {
        console.error("Login error:", error);
        throw new Error("Invalid credentials");
    }
}
loginUser(email, password) {
    try {
        await manifest.login("users", email, password);
        return true;
    } catch (error) {
        console.error("Login error:", error);
        throw new Error("Invalid credentials");
    }
}
7 Replies
brunobuddy
brunobuddy5mo ago
Hello @Ian After a successful manifest.login() function, the token is automatically attached to the headers of the requests until you manfinest.logout(). This means that you can simply: 
    await manifest.login('users', 'user@manifest.build', 'passsword') // Log in.

    await manifest.from('projects').find() // ✅ Works even if policies are restricted to logged in users.

    await manifest.logout() // Empty headers.

    await manifest.from('projects').find() // ❌ 403 Error if policies are restricted.
    await manifest.login('users', 'user@manifest.build', 'passsword') // Log in.

    await manifest.from('projects').find() // ✅ Works even if policies are restricted to logged in users.

    await manifest.logout() // Empty headers.

    await manifest.from('projects').find() // ❌ 403 Error if policies are restricted.
However if you need the token for some reason (store in local storage for example) , since the SDK version 1.2.2 you can: 
    const {token} = await manifest.login('users', 'user@manifest.build', 'passsword')
    const {token} = await manifest.login('users', 'user@manifest.build', 'passsword')
lugshar
lugshar2mo ago
Now that I have a cookie with my token, how can I try to use it for the SDK so that the user doesn’t have to log in again? If I were using regular HTTP requests I could just attach it to the Authorization header, but how to do it using the SDK? @brunobuddy Seems there's no way to do it now, while the solution could be as simple as to provide the option to pass a custom token while creating a new Manifest SDK instance, such as: 
const baseUrl = 'http://localhost:1111';
const options = {
  token: 'secret-jwt-token'
};

const manifest = new Manifest(baseUrl, options);
const baseUrl = 'http://localhost:1111';
const options = {
  token: 'secret-jwt-token'
};

const manifest = new Manifest(baseUrl, options);
or, alternatively (might be a safer option), provide a separate method like: 
const manifest = new Manifest();

// Will call Manifest backend to verify the token, if is valid it will save it to Manifest.headers['Authorization'] private property and return true, otherwise will return false
const isValid: boolean = await manifest.verifyToken("secret-jwt-token");
const manifest = new Manifest();

// Will call Manifest backend to verify the token, if is valid it will save it to Manifest.headers['Authorization'] private property and return true, otherwise will return false
const isValid: boolean = await manifest.verifyToken("secret-jwt-token");
Let's discuss the possibilities and if needed I could try to make a PR.
brunobuddy
brunobuddy2mo ago
Hello @lugshar, if you use the manifest SDK as singleton in a service, it should take the token in the requests once the login has been sucessful in theory. What front-end stack are you using ? I can try to create an example repo
lugshar
lugshar2mo ago
It does work, my question is about a different use case – let’s call it “don’t log me out” upon logging in.
brunobuddy
brunobuddy2mo ago
ah you mean from session to session ?
lugshar
lugshar2mo ago
Yep It's not that I'm greatly blocked by it, but definitely that's a feature I consider a must have, otherwise it's a pain in the ass to have to log in each time. Again, I could try making a PR with that, just want to have a confirmation that I am right in my assumptions. I did take a look at the source code and did not find anything, but I did find quite a few low-level methods that could be used to implement this kind of functionality easily.
brunobuddy
brunobuddy2mo ago
Hello @lugshar it is definitely something that we would like to have, feel free to create a PR if you want. Make sure that you read the contributing file https://github.com/mnfst/manifest/blob/master/CONTRIBUTING.md
GitHub
manifest/CONTRIBUTING.md at master · mnfst/manifest
Portable backend to ship fast. Contribute to mnfst/manifest development by creating an account on GitHub.

Did you find this page helpful?