Webstudio
Log in

Join the Webstudio community

Updated 11 months ago

Local storage

At a glance

The community members are discussing how to securely store and use a JWT token for authentication in a web application. The original poster asks if there is a way to bind a system variable to a local storage value, which the first commenter says is not possible.

The community members then discuss alternative approaches, such as using a session cookie instead of local storage, which would be more secure. They also discuss how to use the cookie data in a collection resource, with one commenter suggesting a similar approach to the login.copy.ai example.

However, the community members note that the current implementation only supports authentication by access token, which can be hardcoded in the resource URL or header. They suggest a workaround using a JWT token from local storage, but acknowledge that this is not a secure solution.

The community members also discuss how to implement a more secure authentication system, where the user's authentication status is checked on the client-side before allowing access to protected routes. They suggest that the token does not need to be passed to the resource, as the client-side authentication is sufficient to protect the page.

Overall, the community members are exploring different approaches to implementing secure authentication and authorization in a web application, but there is no explicitly marked answer in the provided information.

Useful resources
SSantosh
ยท
Is there a way to bind system var to a localstorage value?
O
S
B
12 comments
OOleg Isonen
No, what's your use case?
SSantosh
just want to store a jwt in localstorage from a passwordless login and use it in collection resource ... e.g. in the directory listing demo .. user should be able to see only items they created
OOleg Isonen
Local storage is not protected, anyone can read it
SSantosh
What would be a good way to do this?
OOleg Isonen
Session cookie if it's a private token
SSantosh
How do go use the cookie data in the collection? Any example

Basically similar to this example https://login.copy.ai/, they just send an email and ask for a code (from the email)

Then the collection data is pulled based on the session I guess
BBogdan
At the moment we support only authentication by access token which you can hardcode in resource url or header
SSantosh
This authentication is common to all users right?

Hence, as I workaround I was thinking of a jwt token from localstorage if I could access it.

Anything that works good enough is fine
OOleg Isonen
So overall you can do a not so secure thing today, in fact that's how supabase suggests. You do the auth on the client, configure it using whatever: local storage, cookie, anything
OOleg Isonen
Then let user visit any route you want to be protected and don't let them if they are not signed in, from the client.
OOleg Isonen
You don't need to pass that token to Resource, you are only protecting the page.
SSantosh
Unable to follow how to implement .... any documentation link or example pls.

Lets take the shopify example from your buildship livecast.

How to make sure that only you can see your shopping cart and I should never be able to see it. Assume that BuildShip backend is under our control for customization, etc
Add a reply
Sign up and join the conversation on Discord