W
Wasp•2mo ago
mgp25

auth/me delivering too much info to client

Wasp version: 0.13.x I am seeing the requests /auth/me and it returns too much info to client. I haven't seen anywhere to limit the info provided to client or at least in a more clean way. Thank you
3 Replies
kapa.ai
kapa.ai•2mo ago
Hi @mgp25. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- You raise an important point about the /auth/me endpoint in Wasp. Based on the provided knowledge sources, there are a couple of relevant aspects to consider: 1. By default, Wasp fetches the User entity via a simple Prisma query when authentication is required for a Page, and this can indeed return all the fields of the User entity. 2. There is currently no built-in way to limit the information returned by the /auth/me endpoint specifically. However, there are a couple of approaches you can consider to address this issue: 1. Use userSignupFields: While this is primarily used for social auth providers, you can use it to control which fields are stored for a user. This indirectly affects what's returned by /auth/me. Social Auth Documentation 2. Custom Query for User Fetching: There's an open feature request to allow specifying a custom Query for fetching the user, which would allow more control over what's returned. However, this feature is not yet implemented. GitHub Issue #1554 For now, the most direct way to limit the information sent to the client would be to create a custom query or action that fetches only the user information you want to expose, and use that instead of relying on the /auth/me endpoint directly. It's worth noting that this is an area where Wasp could improve, and the development team seems to be aware of the need for more granular control over user data exposure. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @mgp25, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho
miho•2mo ago
What kind of info are you concerned about? 🙂 Users will receive only their info
mgp25
mgp25OP•2mo ago
Even if its user related info, there is still a lot of info that gets "exposed" while not being required. This is just an example: 
"providerName": "...",
"providerUserId": "...",
"providerData": {
    "isEmailVerified": true,
    "emailVerificationSentAt": "...",
    "passwordResetSentAt": null
},
"providerName": "...",
"providerUserId": "...",
"providerData": {
    "isEmailVerified": true,
    "emailVerificationSentAt": "...",
    "passwordResetSentAt": null
},
Maybe it is just me, but maybe reducing the data sent to client to be only just the required at the moment would be great. Like there is too much info for the context while not being strictly required

Did you find this page helpful?