-
I was looking at the emails that get sent out, and the verification happens via a link to the nhost.run server, which then redirects back to our site? So there is no way to verify the email on our own server? I'm also a bit confused by this auth flow. Even if we use the nhostprovider, how is the client actually informed that there was a verification, if this is done on a different server? Usually with the auth libraries we work with, you grab the code from the URL and see if it matches the code in the database. But this is not happening here, so how does this even work? nhost.run can't set a cookie on our server with the token.
-
correct
the redirect will either include the
That's what the server does when you visit the URL. Well, that plus a couple of other checks but the most important one is validating the code is valid.
Correct, that will happen on the frontend application so if you are implementing this workflow yourself you will have to do this yourself, otherwise, our SDK handles this automatically.
Magic link works the same way.
If you mean our SDK, that's correct. Our SDK implements all the common workflows but you are free to implement them yourself. Everything is available through the auth's API and there is no need to use our SDK if you don't want to or if you are using a language for which we don't have an SDK (i.e. our CLI, written in Go, will just make calls to the auth service directly). If you have more questions don't hesitate to let us know.
-
For various reasons, we think we may have to do authentication on the backend of our application instead of using the frontend provider with nhost.auth. So we are investigating doing this by just hitting the backend API for Nhost. We have two quick questions:
What backend request (docs here: https://docs.nhost.io/reference/auth/sign-up-email-and-password) do we use to confirm the user after signup? After signup, they need to confirm their email, so they get a link in their email with a code in the URL. We grab that code and send it to our backend, but how do we check if the code is the same? We don't see any backend functions to actually verify the user. The database stores something called ticket: verifyEmail and hash, but how do we now verify it? We checked the docs to find a verifyEmail backend function, but can't find it.
Same question with the magic link. How is the magic link actually confirmed via a backend call, and what endpoint is used?
Is the benefit of using the frontend just that all the code is set up already? Because it seems like the basic idea here is simple. Log in via the Auth service, get back a token, save that token locally (either in a cookie or localStorage) and then use that token for requests etc. I see that the frontend has some sort of polling set up to constantly generate new tokens of the refresh, but that's also something that we don't really need.