Managed Authentication
To give a user free access to their own user state, we need to verify that the user is who they say they are. For this reason, authentication is treated as a first-class concern of this managed backend offering.

Authentication Sequence

Managed authentication is conducted via magic links. The server never asks for a password, nor stores one.
The user must provide a valid e-mail address, to which the server sends an e-mail containing a redirect link to your application. This link is based on the app origin that you supplied for your app in the admin console.
To trigger this e-mail, use the login function from useLogin. The magic link contains a one-time-use login_code.
The magic link may look like: https://yourapp.com?email=foo&login_code=bar&app_id=baz
Upon clicking this link, the user will be redirected to your app.

Redirection to app

After the user lands on your app, the useCheckAuth hook detects that the app was initialized after a login link was clicked. It then exchanges the login_code with the server for a valid user session, which gives the user access to their user state and cloud queries.
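
The sketch below models the server side of that exchange to show what "one-time use" means in practice. It is an added example, not the service's implementation: the function names, the in-memory store, the hashing of stored codes and the 10-minute lifetime are all assumptions.

```javascript
// Constructed model of issuing and redeeming a one-time-use login_code.
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed lifetime; the page does not state one
const pending = new Map();          // [app_id, email] -> { hash, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
const keyFor = (appId, email) => JSON.stringify([appId, email]);

// Build the link in the shape the page shows:
// <app origin>?email=...&login_code=...&app_id=...
function issueMagicLink(appOrigin, appId, email, now = Date.now()) {
  const code = crypto.randomBytes(32).toString('base64url');
  // Keep only a hash, so a leaked store does not yield usable codes.
  pending.set(keyFor(appId, email), { hash: sha256(code), expires: now + CODE_TTL_MS });
  const url = new URL(appOrigin);
  url.searchParams.set('email', email); // searchParams handles URL encoding
  url.searchParams.set('login_code', code);
  url.searchParams.set('app_id', appId);
  return url.toString();
}

// Exchange the login_code for a session token; returns null on any failure.
function redeemMagicLink(link, now = Date.now()) {
  const q = new URL(link).searchParams;
  const [email, code, appId] = ['email', 'login_code', 'app_id'].map((k) => q.get(k));
  if (!email || !code || !appId) return null;
  const entry = pending.get(keyFor(appId, email));
  if (!entry) return null;
  // Compare fixed-length digests in constant time.
  if (!crypto.timingSafeEqual(entry.hash, sha256(code))) return null;
  pending.delete(keyFor(appId, email)); // single use: burn the code on first match
  if (now > entry.expires) return null; // an expired code is burned as well
  return crypto.randomBytes(32).toString('base64url'); // opaque session token
}
```

A second request with the same link returns null, which is the behaviour a user sees when they click an already-used magic link.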

onAuthRequest and onAuthSuccess

When CloudStateClient is initialized, it asks for two parameters: onAuthRequest and onAuthSuccess. These tell the client:
  • What to do when it determines that the user is unauthenticated.
  • What to do when the user has established an authenticated session for the first time.
Example behaviours in these cases would be to redirect the user to your /login page, and to redirect the user to an authenticated page like /user/profile, respectively.

react-web and plug in auth

If you use react-web, most of these concerns are taken care of for your web application. It provides sensible defaults for useLogin, useCheckAuth and CloudStateClient.onAuth* usage.