Open EugeneDraitsev opened 9 months ago
thank you for the ticket, will add examples
Thank you for the fast response! It would be really great to see some examples!
I made some workaround and created static login and redirect-callback pages, but I was not able to use passwordless token as token for admin panel for some reason.
I receive a loginToken in my email, I can get jwtToken from /api/passwordless/login endpoint, but when I try to use this jwtToken with Strapi Admin Panel (set it in session storage) or with Strapi API (/admin/users/me) I get an error:
{
"data": null,
"error": {
"status": 401,
"name": "UnauthorizedError",
"message": "Missing or invalid credentials",
"details": {}
}
}
I also tried to renew this token with admin/renew-token endpoint, but still got almost the same error:
{
"data": null,
"error": {
"status": 400,
"name": "ValidationError",
"message": "Invalid token",
"details": {}
}
}
It looks like I'm missing something. It would be really great if you can help me with it.
My Strapi and plugins versions:
"@strapi/plugin-users-permissions": "4.20.2",
"@strapi/provider-email-nodemailer": "^4.20.2",
"@strapi/strapi": "4.20.2",
"strapi-plugin-passwordless": "^4.0.15"
I run Strapi in docker with node:20-alpine and mysql:8-oracle
@kucherenko, I figured out why jwtToken doesn't work in the admin panel, and now I feel like I just don't really understand how this plugin works. I am trying to authorize Strapi admin panel users using this plugin, but for some reason, if I create a user with the passwordless plugin, it creates the up_users table but doesn't exist in admin_users. I also can't send a login email to existing users' emails (for the same reason, they exist in admin_users, but not in the up_users).
Is it by design of this plugin or maybe I'm still missing something? It would be really great if you help me to understand it!
@EugeneDraitsev yes, you are right, the plugin supports passwordless authentication for public users for sites powered by Strapi; the admin panel of Strapi has different ways to authenticate users
Oh, thank you for the clarification! It was not clear from the documentation, but now it all makes sense. Do you plan to add the ability to support authorization of admin users in the future?
I have plans to add authentication with Time-based One-time Password Algorithm first, after that will think about the request
Thank you for sharing! I'll keep this ticket open to track its initial purpose: "Documentation or example of frontend flow"
@kucherenko Why is documentation for the passwordless plugin excluded in the register.js file?
My only thinking right now will be a security concern but I am not quite convinced about that.
Hi!
I have a question on the Frontend part of passwordless out. The API works great, I get emails with the correct token and can use it to get the correct jwt-token!
However, I don't quite understand how to use it with Strapi (v4) as there is now no way to customize the default strapi login page and no way to display a custom button + input to request email with passwordless link. I also don't really understand how to handle the redirect, as there is no documentation about custom pages in strapi where I can control the redirect logic.
Do you have any examples or frontend documentation for a passwordless authentication flow for strapi?
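A sketch of the callback-page logic this thread asks about, added here as an illustration and not taken from the plugin or its author. It assumes the emailed link opens your page with a `loginToken` query parameter and that `GET /api/passwordless/login` returns JSON containing a `jwt`; the function names and `apiBase` are hypothetical.

```javascript
// Added example. Assumptions: the emailed link lands on your page with
// ?loginToken=..., and GET /api/passwordless/login returns JSON with a `jwt`.
const LOGIN_PATH = '/api/passwordless/login';

// Read the one-time token and return the URL without it, so the page can
// replace its address and keep the token out of history and Referer headers.
function extractLoginToken(href) {
  const url = new URL(href);
  const raw = url.searchParams.get('loginToken');
  url.searchParams.delete('loginToken');
  const token = raw && raw.length <= 256 ? raw : null;
  return { token, cleanedHref: url.toString() };
}

// Exchange the loginToken for a users-permissions JWT.
async function exchangeLoginToken(apiBase, token, fetchImpl = fetch) {
  const url = new URL(LOGIN_PATH, apiBase);
  url.searchParams.set('loginToken', token);
  const res = await fetchImpl(url.toString(), { method: 'GET' });
  if (!res.ok) throw new Error(`login failed with status ${res.status}`);
  const body = await res.json();
  if (!body || typeof body.jwt !== 'string') throw new Error('no jwt in response');
  return body.jwt;
}

// The JWT identifies an up_users account, so it is only attached to content
// API routes (default prefix /api/); /admin/* rejects it, as the thread shows.
function authorizedRequest(apiBase, path, jwt) {
  if (!path.startsWith('/api/')) {
    throw new Error(`passwordless JWT is not valid for ${path}`);
  }
  const headers = { Authorization: `Bearer ${jwt}` };
  return { url: new URL(path, apiBase).toString(), options: { headers } };
}

// Callback-page entry point: returns the request to make for the current user.
async function handleCallback(href, apiBase, fetchImpl = fetch) {
  const { token, cleanedHref } = extractLoginToken(href);
  if (!token) return { ok: false, cleanedHref, reason: 'missing loginToken' };
  try {
    const jwt = await exchangeLoginToken(apiBase, token, fetchImpl);
    const me = authorizedRequest(apiBase, '/api/users/me', jwt);
    return { ok: true, cleanedHref, me };
  } catch (err) {
    return { ok: false, cleanedHref, reason: err.message };
  }
}
```

In a browser, pass `window.location.href` as `href` and call `history.replaceState(null, '', cleanedHref)` as soon as `handleCallback` returns, whether or not the exchange succeeded.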