Implementing cross-device sync without traditional auth for a pwa
Hey everyone,
I’ve got a simple PWA written in Astro that currently persists data using local storage. There is no cross-device communication currently and everything is static and cached right away for offline support.
I’m trying to implement some type of cross-device sync but I don’t want to have to rollout full auth as the application is pretty minimal.
My current idea is to generate some kind of uuid upon first page load and then have some kind of prompt to add additional devices to share the uuid as a kind of user credential.
I plan to use InstantDB as well to have a database that works with local storage and syncs between devices quickly.
If anyone has better ideas or tips I’m all ears.
2 Replies
If the security footprint is that minimal, then I don't see that big of a problem with this. But the first time someone needs to roll their credential because it got out somehow, and that credential is literally their userid, you're going to be in trouble. Are people's userids ever exposed to another user? Maybe an API key is a better pattern for what you're looking for. Just give everyone API keys for freesies.
But again, the second they need to roll it, or forget it, or would prefer just using their email, you may very well be upset that you don't have any auth setup.
If you want easy at the expense of everything else, try magic link only auth. No password table, just an email and when they click the link in the email the server gives them a session token. Then now that they're authed let the server accept the data from the client to update their row in the users table
mullvad vpn does something similar. to login i just put in my id. the first login is designated as the master device that can disconnect other devices