Updated 11 months ago

Local storage

At a glance

The community members are discussing how to securely store and use a JWT token for authentication in a web application. The original poster asks if there is a way to bind a system variable to a local storage value, which the first commenter says is not possible.

The community members then discuss alternative approaches, such as using a session cookie instead of local storage, which would be more secure. They also discuss how to use the cookie data in a collection resource, with one commenter suggesting a similar approach to the login.copy.ai example.

However, the community members note that the current implementation only supports authentication by access token, which can be hardcoded in the resource URL or header. They suggest a workaround using a JWT token from local storage, but acknowledge that this is not a secure solution.

The community members also discuss a client-side approach, described in the thread as a "not so secure thing", where the user's authentication status is checked on the client before allowing access to protected routes. They suggest that the token does not need to be passed to the resource, since this approach only protects the page.

Overall, the community members are exploring different approaches to implementing secure authentication and authorization in a web application, but there is no explicitly marked answer in the provided information.

Is there a way to bind system var to a localstorage value?
12 comments
No, what's your use case?
just want to store a jwt in localstorage from a passwordless login and use it in collection resource ... e.g. in the directory listing demo .. user should be able to see only items they created
Local storage is not protected, anyone can read it
What would be a good way to do this?
Session cookie if it's a private token
How do you use the cookie data in the collection? Any example?

Basically similar to this example https://login.copy.ai/, they just send an email and ask for a code (from the email)

Then the collection data is pulled based on the session I guess
At the moment we support only authentication by access token which you can hardcode in resource url or header
This authentication is common to all users right?

Hence, as a workaround I was thinking of a JWT token from localStorage if I could access it.

Anything that works good enough is fine
So overall you can do a not so secure thing today, in fact that's what Supabase suggests. You do the auth on the client, configure it using whatever: local storage, cookie, anything
Then let user visit any route you want to be protected and don't let them if they are not signed in, from the client.
You don't need to pass that token to Resource, you are only protecting the page.
Unable to follow how to implement .... any documentation link or example pls.

Let's take the Shopify example from your BuildShip livecast.

How to make sure that only you can see your shopping cart and I should never be able to see it. Assume that BuildShip backend is under our control for customization, etc
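
A sketch of the session-cookie approach raised in the thread, applied to the shopping cart question. This is an added example, not part of the original discussion and not Webstudio or BuildShip code; it assumes a backend you control, and every name in it (sessions, carts, handleLogin, readCookie, handleGetCart) and all sample data are hypothetical.

```javascript
// Server-side ownership check keyed on a session cookie (illustrative only).
const sessions = new Map(); // session id -> user id, kept on the server
const carts = [             // constructed sample data
  { owner: "alice", item: "keyboard" },
  { owner: "bob", item: "monitor" },
  { owner: "alice", item: "mouse" },
];

// Called after the e-mailed login code has been verified. Binds a session
// to the user and returns the Set-Cookie header value. HttpOnly keeps page
// scripts from reading the cookie, which localStorage cannot offer.
function handleLogin(userId, sessionId) {
  // In real use sessionId must be long and generated by a CSPRNG; the
  // caller passes a constructed value to keep this example dependency-free.
  sessions.set(sessionId, userId);
  return `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Extract one cookie value from a raw Cookie request header.
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// The owner is taken from the session lookup, never from the query string
// or request body, so a client cannot request another user's cart.
function handleGetCart(request) {
  const userId = sessions.get(readCookie(request.headers.cookie, "sid"));
  if (!userId) return { status: 401, body: [] };
  const items = carts.filter((c) => c.owner === userId).map((c) => c.item);
  return { status: 200, body: items };
}
```

The client-side route guard described above can still be used for page navigation, but the filtering that decides whose data is returned happens in the handler.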