The community members are discussing how to securely store and use a JWT token for authentication in a web application. The original poster asks if there is a way to bind a system variable to a local storage value, which the first commenter says is not possible.
The community members then discuss alternative approaches, such as using a session cookie instead of local storage, which would be more secure. They also discuss how to use the cookie data in a collection resource, with one commenter suggesting a similar approach to the login.copy.ai example.
However, the community members note that the current implementation only supports authentication by access token, which can be hardcoded in the resource URL or header. They suggest a workaround using a JWT token from local storage, but acknowledge that this is not a secure solution.
The community members also discuss how to implement a more secure authentication system, where the user's authentication status is checked on the client side before allowing access to protected routes. They suggest that the token does not need to be passed to the resource, as the client-side authentication is sufficient to protect the page.
Overall, the community members are exploring different approaches to implementing secure authentication and authorization in a web application, but there is no explicitly marked answer in the provided information.
Just want to store a JWT in localStorage from a passwordless login and use it in a collection resource ... e.g. in the directory listing demo ... the user should be able to see only items they created.
So overall you can do a not-so-secure thing today; in fact, that's what Supabase suggests. You do the auth on the client and configure it using whatever: local storage, cookie, anything.
Unable to follow how to implement ... any documentation link or example pls.
Let's take the Shopify example from your BuildShip livecast.
How to make sure that only you can see your shopping cart and I should never be able to see it? Assume that the BuildShip backend is under our control for customization, etc.
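
For the shopping-cart question above, one way to enforce per-user visibility when the backend is under your control (an added example, not code from the thread or from BuildShip): the backend verifies the JWT itself and takes the owner from the verified `sub` claim, so where the browser keeps the token does not decide who sees what. The HS256 secret, the `sub` and `exp` claims, the function names and the cart rows are assumptions constructed for illustration.

```javascript
// Added example: server-side ownership check. All names and data are constructed.
const crypto = require('node:crypto');

const SECRET = 'demo-secret-constructed'; // assumption: HS256 key held only by the backend

// Stands in for the passwordless login step that issues the token.
function signJwt(payload, secret = SECRET) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  const sig = crypto.createHmac('sha256', secret).update(data).digest('base64url');
  return `${data}.${sig}`;
}

// Returns the claims only if signature, pinned algorithm and expiry all check out.
function verifyJwt(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (header.alg !== 'HS256') return null;
    if (typeof claims.sub !== 'string' || typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null;
  }
}

// Constructed sample rows standing in for the cart collection.
const CART_ITEMS = [
  { id: 1, owner: 'user-alice', sku: 'mug' },
  { id: 2, owner: 'user-bob', sku: 'lamp' },
  { id: 3, owner: 'user-alice', sku: 'pen' },
];

// The owner filter comes from the verified token; client-sent query values are ignored.
function listCart(authorizationHeader, _query = {}) {
  const token = String(authorizationHeader || '').replace(/^Bearer /, '');
  const claims = verifyJwt(token);
  if (!claims) return { status: 401, items: [] };
  return { status: 200, items: CART_ITEMS.filter((item) => item.owner === claims.sub) };
}
```

A client-side route guard can still hide pages for convenience, but the filter in `listCart` is what keeps one user's cart out of another user's response.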