Implementing a user sign-in to multiple accounts, and placing an account switcher.
did someone do this before?
41 Replies
Hi @devrim. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Currently, Wasp doesn't support multiple auth identities for a single user. This means a user can't have both an email-based auth identity and a Google-based auth identity. However, this is a feature that is planned for the future with the introduction of the account merging feature. Account merging means that multiple auth identities can be merged into a single user account. For example, a user's email and Google identity can be merged into a single user account. Then the user can log in with either their email or Google account and they will be logged into the same account source (https://wasp-lang.dev/docs/auth/email).
For social login options, Wasp currently supports Google, Github, and Keycloak. When a user signs in for the first time, Wasp creates a new user account and links it to the chosen auth provider account for future logins source (https://wasp-lang.dev/docs/auth/social-auth/overview).
To implement social login with default settings, you can add the provider (e.g.,
google: {}, gitHub: {}, keycloak: {}) to the auth.methods dictionary in your main.wasp file source (https://wasp-lang.dev/docs/auth/social-auth/google#default-behaviour), source (https://wasp-lang.dev/docs/auth/social-auth/github#default-behaviour), source (https://wasp-lang.dev/docs/auth/social-auth/keycloak#default-behaviour).
However, there is currently an open issue on Github discussing the implementation of better user account merging logic, which might be relevant to your question source (https://github.com/wasp-lang/wasp/issues/954).
Please note that this is based on the current state of Wasp and may change in the future as new features are added.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @devrim, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?my question is @kapa.ai is not signing in to one account using different auth providers, having one person switch between multiple distinct accounts they have without logging out and logging in.
Let me check the knowledge base for you. One moment! :books:
----------------------
I'm sorry for misunderstanding your question earlier. As of now, there is no specific feature or documentation in Wasp that directly supports switching between multiple distinct user accounts without logging out and logging back in.
The current authentication system in Wasp is designed to handle one user at a time per session. When a user logs in, a session is created and linked to that user. The session is then used to authenticate subsequent requests from the user source (https://wasp-lang.dev/docs/auth/entities#example-app-model).
If you want to implement a feature that allows a user to switch between multiple accounts, you would likely need to manage multiple sessions and switch between them as needed. However, this would be a complex feature to implement and is not directly supported by Wasp at this time.
Please note that this is based on the current state of Wasp and may change in the future as new features are added.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @devrim, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
Why would you need a user to sign in to multiple accounts? If they are multiple accounts, they should be separately credentialed. I cannot think of a good reason to implement a feature like this. Care to elaborate?
think of your google login, you have your @gmail then you have your @company.com mailboxes and google accounts associated with each is different.
you log in to them separately but you don't log out from the previous one
Okay, so you want SSO?
i'm not sure if that's what that is called
Single sign on
You'd have to write custom logic for that, I am not aware of SSO coming with Wasp out of box
no i don't think that is called SSO
SSO is what okta does. you login once, they log you in to all other services on your behalf
what we are talking about here is you have two separate logins to the same system
one is personal, other one is a company account
SSO is not required
ok walk me through
i register with my gmail account using your app
now i have another email that i want to use to login to the exact same account?
yes the one that is given and paid by a company you work at eg
Wohooo @devrim, you just became a Waspeteer level 3!
plus your personal
it is not so straightforward but a naive solution would be implementing a table that allows you to store the other email of the user and then do a cross check during sign on
add companyEmail field on user or userProfile table
keep everything else the same, during sign on I can use either my company email or personal email, but i use the same password
you check both columns in database
that won't do it. companies would like full control of company accounts, can't be connected to the other.
good way to think about this, you have two sets of username/password, how can we switch between them without making user logout
as in, you want to check your gmail, then want to check your work emails. you don't logout of gmail, you switch.
https://en.wikipedia.org/wiki/Single_sign-on
Without a naive solution, that's a lot of work, good luck
no we're not talking about SSO. but thanks.
maybe someone else made something similar, i'll stand by.
https://auth0.com/docs/api/management/v2/users/post-identities
i wouldn't try to implement it from the scratch
try to find an existing solution, even with that, it is not going to be easy to do it right
look i want to be polite, but SSO ain't it. if you could stop suggesting that that'd be great so others can chime in
lol ok
SSO in this case would be non-compliant, and a non-starter
also not the problem. SSO means, i log in with my gmail, and that logs me in to my work emails.
you gave Gmail as an example, but whatever good luck
@sodic would you have an idea about this?
Hey, I think I get what you mean, you want the app to offer a dropdown with all the accounts you're logged in.
I'm not sure how I'd go about implementing this (in Wasp or otherwise). Web apps sesions usually include a session key that only identifies a certain account. To do this, you'd have to keep both sessions alive (i.e., somehow change them without logging out the user), which Wasp doesn't rally support.
Hmm, @devrim, can you give an example of a web app that does this, so I can go check it out. You mentioned google, but from what I know, they just open a new tab and log you into the other account. Is there an app that does it on the same page, or would this behavior be enough?
Hi @sodic yes you got it. there are many of them surely you know, Instagram Twitter slack to name a few. I found this article that goes over: https://medium.com/@Shiran/it-is-all-about-the-feature-experience-today-switching-accounts-3c3626675227
Medium
The story of switching accounts
I’ve just finished doing market research about the option to switch accounts. I want to share here some insights.
Usually when the auth completes with one account it sets a cookie, you write that cookie to local storage, with an expiration date, when user switches back, you set that cookie back so that user do not need to enter password
really difficult to implement imo. You have to keep all logged in accounts in session storage and display them in the dropdown, when user switches acc, you refresh the old token maybe?
Other possible solution would be to connect 2 accounts on db level somehow and go from there, but again really hard to do properly without security breaches :/
This way we will know all accounts of the user, display in a list
Yes but not that difficult. Just need to know what wasp is using to auth a user in the browser (is that a cookie? Or some react vars?)), and set that to local storage and set it back upon switch.
sure but also make sure those tokens will be valid for renewal after X months
cool that's what i was asking for. so that sessionId establishes the auth?
Looks like it but @miho @sodic can confirm
I deleted it and Im no longer logged in so this is what you are looking for, but again keep in mind you have to find out how long the tokens are valid for
also need to find out where it's being set, and hopefully we can get a hook back vs changing the wasp internals
Found this, you can import this
setSessionId method in ur code and set the user you want
this is the function itself
Just for clarification, since a convo above got a bit long:
What we are talking about here is the ability to be logged-in with multiple accounts at the same time and switch between them easily via UI (e.g. account switcher widget)? Like Twitter or GCalendar offer?
If so, this shouldn't be super hard to implement on our side, although it takes a bit of work. We will want to store multiple login details on the frontend (cookies), and track multiple sessions on the backend (maybe we alredy do I would need to check).
Another question is can you (Wasp user) implement this on your own right now? I am not sure but even if you can I imagine it would be a bit finnicky, you would have to deal with our internal stuff.
Let's see what @miho says, he knows the most about our Auth since he implemented most of it and will be able to answer much faster than me.
In general I think this is quite an interesting idea, if we manage to flush it out a bit more here we can open a Github issue and track it there as a future task, to implement.
We keep the session ID in local storage. You could keep track of the session ID for each account somehow and just swap it out so things in Wasp keep working as Wasp expects them to.
Let's take a look at auth solutions out there like Auth0, Supabase Auth, Clerk etc. I'm not sure they also offer this out of the box. For example, Clerk gives you low level APIs to manipulate sessions (list them, set the active one) and build with it: https://clerk.com/docs/custom-flows/multi-session-applications
IMHO what I just talked about can be achieved by just manipulating the value in
localStorage by the user. Wasp could of course, accept that this is a use case it wants to support and offer a higher level API like getSessions() or setActiveSession() or smth like that.Custom Flows: Build a custom multi-session flow
Learn how to use the Clerk API to add multi-session handling to your application.
>We keep the session ID in local storage. You could keep track of the session ID for each account somehow and just swap it out so things in Wasp keep working as Wasp expects them to.
perfect. thanks @miho
@miho could you please create GH issue for this? Nothing too long, you can just repeat what you said here + link to this convo. It will give us a place to follow this idea, we don't have to commit to doing it though, just track it there.
Here's the bad boy: https://github.com/wasp-lang/wasp/issues/2265
GitHub
Multi-session support (account switching) · Issue #2265 · wasp-lang...
Some services allow users to easily switch between multiple accounts without logging out and logging in again. Think, Google and multiple different Google accounts in a drop down. Wasp Auth could s...
oh wow! didn't know you guys were this fast! (oops. edit, thought it was a PR 😄 my bad, still impressive though!)
Haha, wow for a moment I got excited there while reading your message, thought it is indeed a PR :D. Hah sorry just an issue for now :D. But let us know if you implement it in userland on your side, would be helpful to hear about any learnings you had while doing it, it would probably help us once we get to implementing it.