How to support google/fb/other signup/login?

Hi Team,

I looked, but couldn't see any option to integrate with google/fb et al, to let users signup. or login.


How exactly is this done, please?

Comments

  • Hi @Tradyl Administrator ,

    Thank you for posting this question!

  • Greg
    edited January 31

    Hi @Tradyl Administrator , if using a 3rd party authentication service, you can take advantage of our Multipass functionality to bypass the standard login password requirement. Instead of the user providing a Swell password, you pass a token generated securely on the back end.


    • Make a request from your front-end to your server-side app:
    const response = await axios.get('/api/generateToken', {
      params: {
        email: '<user email>'
      }
    });
    const token = response.data.password_token;
    
    • Generate a token server-side:
    const email = req.query.email
    
    // respond with password_token created on the account object
    const response = await swell.put(`/accounts/${email}`, {
        password_token: null
    })
    
    res.status(200).json(response)
    
    • Login client app with returned token
    await swell.account.login('<email>', {
      password_token: token
    })
    


  • Thanks.

    For the non tech audience who might be reading this, here is what (we think) the flow is:

    1. From front end, we can use, say, a google auth client side library to start the login/signup process. This process is handled by google and ends up with google api returning a token (if the user did manage to authenticate himself).
    2. Now that we know user has authenticated to google, we call a backend api (that we obviously must write). The backend API then generates a swell token by making a call to Swell account endpoint. Something like /accounts/<user_trying_to_login> . This token is then sent back to front end.
    3. The front end then attempts to login using this swell token.
  • Not only for 3rd party OAuth cases, but this is also a much better way to control the client-side auth. And it must be uploaded on Docs. 🙄

Sign In or Register to comment.