Reuse auth from wasp/opensaas in other apps

I plan to create an extension to complement my app. Has anyone done something similar or had a way to use the session/authentication of opensaas/wasp app auth?
kapa.ai (4mo ago)
Hi @Stefan Vitória. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base.

Currently, Wasp doesn't directly support reusing its authentication system in other applications like mobile apps or browser extensions. However, there are some workarounds you could consider:

1. Generate an API based on Operations: One of the simplest forms of Wasp generating something that mobile and other clients can consume is by generating an HTTP API based on the Operations. This idea was discussed in a GitHub issue (https://github.com/wasp-lang/wasp/issues/1475).

2. Use JWT (JSON Web Token): You could create a JWT for the user upon successful authentication and send it back to the client. This token can then be used to authenticate the user in your extension. Here is an example of how you could implement this in Wasp:
// generateJwt.ts
import * as jwt from 'jsonwebtoken';
import { Request, Response } from 'express';

async function authenticateUser(username: string, password: string): Promise<{ isAuthenticated: boolean; userId?: string }> {
  // TODO: Implement actual user authentication logic here
  // This should fetch the user's ID from the database based on the provided username and password
  // For demonstration, assuming authentication is successful and returning a mock user ID.
  // As written, this placeholder accepts every username/password pair.
  return { isAuthenticated: true, userId: 'user123' };
}

export async function generateJwt(req: Request, res: Response): Promise<void> {
  const { username, password } = req.body;
  try {
    const authResult = await authenticateUser(username, password);
    if (!authResult.isAuthenticated) {
      res.status(401).json({ error: 'Invalid credentials' });
      return;
    }
    // User payload for JWT
    const userPayload = { username, userId: authResult.userId };
    // ...
  } catch (error) {
    // Always answer the request so it does not hang, without leaking error details
    res.status(500).json({ error: 'Internal server error' });
  }
}
This code was discussed in a Discord support thread (https://discord.com/channels/686873244791210014/1223328118278983680).

3. Use WebView in your app: Another workaround suggested in a Discord support thread (https://discord.com/channels/686873244791210014/1219117797364334612) is to load a WebView in your app that opens the web app in Wasp, specifically login/signup, and tries to authenticate the user. You could then potentially obtain that data somehow in your mobile app and send it with requests.

Please note that these are workarounds and might not be the most efficient or secure way to handle authentication in your extension. It's recommended to implement a proper authentication system for your extension that suits its specific needs.
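What the elided token step and the matching server-side check could look like, as an added example that is not part of kapa.ai's answer or Wasp's own code: it issues a short-lived HS256 token and verifies it with the algorithm pinned, using Node's built-in crypto in place of the jsonwebtoken package so it runs stand-alone. The secret, the audience name and the 15-minute lifetime are assumptions.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

// Constructed values for the example; load the real secret from server-side configuration.
const SECRET = 'constructed-demo-secret-not-for-production';
const AUDIENCE = 'browser-extension'; // hypothetical audience name

type Claims = { sub: string; aud: string; iat: number; exp: number };

const b64url = (buf: Buffer): string => buf.toString('base64url');
const encodeJson = (obj: object): string => b64url(Buffer.from(JSON.stringify(obj)));
const hmac = (input: string, secret: string): Buffer =>
  createHmac('sha256', secret).update(input).digest();

// Issue a short-lived token that carries only the user id, scoped to one audience.
export function issueToken(userId: string, nowSec: number, ttlSec = 900, secret = SECRET): string {
  const header = encodeJson({ alg: 'HS256', typ: 'JWT' });
  const claims: Claims = { sub: userId, aud: AUDIENCE, iat: nowSec, exp: nowSec + ttlSec };
  const body = encodeJson(claims);
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Run on every API request from the extension. Returns the claims, or null on any failure.
export function verifyToken(token: string, nowSec: number, secret = SECRET): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  try {
    // Pin the algorithm: the token's own header must not choose it (rejects "alg": "none").
    if (JSON.parse(Buffer.from(header, 'base64url').toString()).alg !== 'HS256') return null;
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    // Constant-time compare; timingSafeEqual throws on length mismatch, so check length first.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString()) as Claims;
    if (claims.aud !== AUDIENCE) return null; // token minted for another client
    if (typeof claims.exp !== 'number' || nowSec >= claims.exp) return null; // expired
    return claims;
  } catch {
    return null; // malformed base64 or JSON
  }
}
```
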
martinsos (4mo ago)
Ah yes this is somewhat tricky at the moment -> we don't have proper support for this yet! We have this planned for the future, but now we don't support it out of the box. You could though implement your own auth logic in the extension that utilizes Wasp's auth, but that is not trivial and would require some work. @miho will be able to answer in more detail (you might need to wait till Monday)
Stefan Vitória (4mo ago)
No problem. I can wait. Actually it's for the next step of my SaaS. I am just studying the possibilities... But it is possible right now, right? Even if it's not out of the box, just the possibility is enough for me kkkkkkk. I'll wait to see what he will say. Been asking a lot, hopefully I will be able to help you guys answer ones coming later
martinsos (4mo ago)
Certainly possible! We actually have a GH issue opened for this, check it out: https://github.com/wasp-lang/wasp/issues/1973 . You could do it right now, it is just that you would have to do quite some work on your own, digging into .wasp/ dir to see how auth works, and it would be PITA in that sense. As the issue says, we could actually make this quite a bit easier by better documenting how this should be done + making some APIs public on our side. That would already be much better, and I think we might do this in the following months. Next step would be that we produce an actual library you can just plug in and use -> that is also certainly doable but more work for us so I am not sure when we will get to that. And keep asking questions -> it helps us to understand what people need and why, so it is super valuable! And these are good questions, educated. Let's see also what Miho says, although I think this is it.