π£ The forum has moved to GitHub
Weβve switched to GitHub Discussions as the hub for our community. This will improve the experience of collaborating for everyone, sharing what youβre working on, and discussing ideas for how Swell can be improved. Existing threads will remain open, but new posts are disabled.
Go to GitHub βHow to support google/fb/other signup/login?
Hi Team,
I looked, but couldn't see any option to integrate with google/fb et al, to let users signup. or login.
How exactly is this done, please?
Answers
-
Thank you for posting this question!
0 -
Hi @Tradyl Administrator , if using a 3rd party authentication service, you can take advantage of our Multipass functionality to bypass the standard login password requirement. Instead of the user providing a Swell password, you pass a token generated securely on the back end.
- Make a request from your front-end to your server-side app:
const response = await axios.get('/api/generateToken', { params: { email: '<user email>' } }); const token = response.data.password_token;
- Generate a token server-side:
const email = req.query.email // respond with password_token created on the account object const response = await swell.put(`/accounts/${email}`, { password_token: null }) res.status(200).json(response)
- Login client app with returned token
await swell.account.login('<email>', { password_token: token })
1 -
Thanks.
For the non tech audience who might be reading this, here is what (we think) the flow is:
- From front end, we can use, say, a google auth client side library to start the login/signup process. This process is handled by google and ends up with google api returning a token (if the user did manage to authenticate himself).
- Now that we know user has authenticated to google, we call a backend api (that we obviously must write). The backend API then generates a swell token by making a call to Swell account endpoint. Something like /accounts/<user_trying_to_login> . This token is then sent back to front end.
- The front end then attempts to login using this swell token.
0 -
Not only for 3rd party OAuth cases, but this is also a much better way to control the client-side auth. And it must be uploaded on Docs. π
1