πŸ“£ The forum has moved to GitHub

We’ve switched to GitHub Discussions as the hub for our community. This will improve the experience of collaborating for everyone, sharing what you’re working on, and discussing ideas for how Swell can be improved. Existing threads will remain open, but new posts are disabled.

Go to GitHub β†’

How to support google/fb/other signup/login?

Hi Team,

I looked, but couldn't see any option to integrate with google/fb et al, to let users signup. or login.


How exactly is this done, please?

Answers

  • Hi @Tradyl Administrator ,

    Thank you for posting this question!

  • Greg
    edited January 2022

    Hi @Tradyl Administrator , if using a 3rd party authentication service, you can take advantage of our Multipass functionality to bypass the standard login password requirement. Instead of the user providing a Swell password, you pass a token generated securely on the back end.


    • Make a request from your front-end to your server-side app:
    const response = await axios.get('/api/generateToken', {
      params: {
        email: '<user email>'
      }
    });
    const token = response.data.password_token;
    
    • Generate a token server-side:
    const email = req.query.email
    
    // respond with password_token created on the account object
    const response = await swell.put(`/accounts/${email}`, {
        password_token: null
    })
    
    res.status(200).json(response)
    
    • Login client app with returned token
    await swell.account.login('<email>', {
      password_token: token
    })
    


  • Thanks.

    For the non tech audience who might be reading this, here is what (we think) the flow is:

    1. From front end, we can use, say, a google auth client side library to start the login/signup process. This process is handled by google and ends up with google api returning a token (if the user did manage to authenticate himself).
    2. Now that we know user has authenticated to google, we call a backend api (that we obviously must write). The backend API then generates a swell token by making a call to Swell account endpoint. Something like /accounts/<user_trying_to_login> . This token is then sent back to front end.
    3. The front end then attempts to login using this swell token.
  • Not only for 3rd party OAuth cases, but this is also a much better way to control the client-side auth. And it must be uploaded on Docs. πŸ™„

Sign In or Register to comment.