dexie / Dexie.js

A Minimalistic Wrapper for IndexedDB
https://dexie.org
Apache License 2.0

Adding Members via REST API without invite step doesn't work. Docs are ambiguous #2015

Open jessekimotho opened 2 weeks ago

jessekimotho commented 2 weeks ago

The current default flow for adding a user seems to require an invite step, even when using the REST API. This requirement significantly complicates the user experience. For instance, if a user has paid for their subscription and wants immediate access to the content of a directory/dictionary app, I have to programmatically subscribe to the db.cloud.invites observable. Even then, I need to handle the invite acceptance on the backend, which feels like unnecessary extra steps.

Moreover, the documentation is ambiguous on how to add database members without the invite step. There are hints scattered throughout the docs but no clear explanation on how this is possible. For example:

"For enterprise use cases, Dexie Cloud also has a server-side REST API that enables realm and bulk member management without requiring an invitation step. The client of such an API could typically sync users from a directory with realm members in Dexie Cloud."

I believe this is a mainstream use case for Dexie. In my application—a subscription-based medicine directory app—users first sign in and pay a subscription fee. Afterward, they should be automatically added to the realm that provides access to the data they need. The invite step complicates this process unnecessarily.

A smoother transition from subscription payment to data access is crucial for a seamless user experience. It would be beneficial to have a clear, documented method for adding users without the invite step.

dfahlander commented 2 weeks ago

It should be possible to explicitly give access to a user without an invite step. Members that are added this way need to have their "accepted" property set to true and the client that performs this API request needs to have a token with GLOBAL_WRITE and ACCESS_DB scopes.

```http
POST /all/members HTTP/1.1
Host: <your database URL>
Authorization: Bearer <token from /token endpoint (with GLOBAL_WRITE and ACCESS_DB scopes)>
Content-Type: application/json

[{
  "realmId": "<theRealmId>",
  "email": "foo@bar.com",
  "userId": "foo@bar.com",
  "accepted": true,
  "invite": false,
  "permissions": {}
}]
```

The id of the realm will then be auto-generated by the server and the "accepted" property will be converted to the current Date timestamp and the user "foo@bar.com" will get immediate access to the given realm.

Is this a solution that would work in your case?
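
The request from the comment above, wrapped as a server-side helper. This is an added example, not part of the thread and not Dexie Cloud's own code. The function names, the Node 18+ global `fetch`, and the input checks are assumptions; the token is taken as a parameter and is expected to come from the `/token` endpoint on the server, since a GLOBAL_WRITE token must never reach the browser.

```javascript
// Added example (hypothetical helper names). Run on the backend only:
// the bearer token carries GLOBAL_WRITE and ACCESS_DB scopes.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Build the POST /all/members request shown in the comment for one user.
function buildMemberRequest(dbUrl, token, { realmId, email, permissions = {} }) {
  if (typeof token !== "string" || token.length === 0) throw new Error("missing access token");
  if (typeof realmId !== "string" || realmId.length === 0) throw new Error("missing realmId");
  if (typeof email !== "string" || !EMAIL_RE.test(email)) throw new Error("invalid email");

  const url = new URL("/all/members", dbUrl);
  // Refuse to send a bearer token over cleartext HTTP.
  if (url.protocol !== "https:") throw new Error("database URL must be https");

  const member = {
    realmId,
    email,
    userId: email,   // as in the comment: userId equals the email
    accepted: true,  // access is granted without an accept step
    invite: false,   // no invitation step
    permissions,     // {} as in the comment; widen only when the user needs more
  };
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
      body: JSON.stringify([member]), // the endpoint takes an array of members
    },
  };
}

// Call this only after the payment provider has confirmed the subscription.
async function addMemberWithoutInvite(dbUrl, token, member) {
  const { url, init } = buildMemberRequest(dbUrl, token, member);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`POST /all/members failed: HTTP ${res.status}`);
  return res.status;
}
```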