rethinkdb / horizon-docs

Auth documentation needs to show boilerplate on how to handle connections by unauth'd and auth'd users #119

Open dalanmiller opened 7 years ago

dalanmiller commented 7 years ago

This SO question could've been resolved if we had explained that you need to make a connection to Horizon based on whether the user has a token or not when you have some data that is available to unauth'd users.

Right now under https://horizon.io/docs/auth/ we make it seem like you just pick and use one:

Depending on your application, you can choose one of three types of authentication handling by passing the authType option to the Horizon object constructor.

With the addition of permissions there's a lot more flexibility with things people can and can't see. So we aren't really doing a good job of explaining all the possibilities or what a standard app with both public and private data might look like.

Maybe something like:

If you have some data that is visible publicly by default, you will need to allow users who haven't authenticated to still connect to Horizon. As well, when a token is detected in the browser from a successful authentication, you'll want to make an authorized connection to Horizon.

// hasAuthToken() is an instance method, so create the token-based instance first
let horizon = Horizon({ authType: 'token' });
if (!horizon.hasAuthToken()) {
   // Users without a token will use an unauthenticated connection
   horizon = Horizon({ authType: 'unauthenticated' });
}
// Users who have authenticated keep the connection created with their token

An example application of this might be a blog platform where some posts are public to unauthenticated users, yet private posts and drafts are only visible to certain users or the owner of the posts.