How to log into anvil app using an OAuth Service

What I’m trying to do:
I’m trying to implement login to my app using the Discord API.
I already implemented the redirect to the OAuth page, and I’m correctly receiving the token and getting user data in an HTTP endpoint I defined.

However, I need to use the info received to find a user in my app and force_login the user, or create a new user and then do that. Since it’s in an endpoint, it’s not the same original session, so I can’t use force_login. Also, apparently I can’t return a FormResponse from an http_endpoint to return the user to the app.

Is it possible to force a login into the first session (and also notify the page that the user authorized the login)?

I searched this in the forum, but apparently most people log into Anvil FIRST, and THEN request the auth from the other server.

You can change this, by setting the cross_site_session=True flag on your endpoint! See the docs for the details:

Yes, I read that, but I’m kind of worried about turning cross-site security off, that’s why I asked if there was a better way to do this. It’s just for the specific endpoint, right?

Also, even if I can force_login the browser session using the HTTP endpoint, how can I notify the tab/page that originated the request that the user was logged in?

When I have multiple instances/apps that need to communicate, I usually set up a database table to serve as the channel. That way, the timing is a lot more flexible.

What I’ve done in the past is return a redirect from the endpoint to the browser that goes directly to a form on the app that handles the login. So they no longer need the original tab, the new tab has the app open and the user logged in.

That was back in the hash routing days, though. With the new non-hash routing, you could use a form on your app as the redirect for OAuth, and then you’d be in your app proper.

1 Like

Yeah… What I implemented so far is:

  1. The user clicks the Login button. That redirects to my custom login form;
  2. The user then clicks the Discord login option button. This replaces the current window with the Discord OAuth form.
  3. Then they click on the “Authorize” button, which triggers my endpoint.
  4. From this, I thought that I could return a FormResponse, but endpoints can’t do that, so then, after I validate the request, I save the token Discord gave me in the user table with an expiration time and return a response with a redirect to a specific route with the token included.
  5. The route’s only function is to get the token, query for a user linked to it, force a login and redirect back to the landing page. This seems to work, but…
  • This makes the app reload, instead of being a seamless process.
  • After the Discord form redirects to the endpoint and the endpoint processes and returns the redirect response, between steps 4 and 5, the app is shown again for a brief moment before reloading and processing the login as expected in step 5. This is puzzling me since it’s what I actually wanted: to just return to the exact state before the Discord form is opened, AND THEN process the login in that session somehow.

Right now it’s working, but still not 100% though.
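
The handoff in steps 4 and 5, as an added example (not code from this thread or from Anvil): the endpoint puts a random, single-use, short-lived code in the redirect URL instead of the Discord token, so a URL that leaks through history, logs or a Referer header cannot be replayed. The names `issue_handoff` and `redeem_handoff`, the 60-second lifetime and the in-memory dict standing in for a Data Table are assumptions; in the app, the route would pass the user that `redeem_handoff` returns to `anvil.users.force_login`.

```python
import hashlib
import secrets
import time
from typing import Optional

HANDOFF_TTL_SECONDS = 60  # assumption: the redirect completes well within a minute

# Stand-in for a Data Table: sha256(code) -> {"user_id", "expires_at"}.
# In a real table, do the lookup and the delete inside one transaction.
handoffs = {}


def _digest(code: str) -> str:
    # Only the hash is stored, so a read of the table does not yield usable codes.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def issue_handoff(user_id: str, now: Optional[float] = None) -> str:
    """Called by the OAuth callback endpoint once Discord's response is validated.

    Returns the code to append to the redirect URL. The Discord token itself
    stays on the server and never appears in a URL.
    """
    now = time.time() if now is None else now
    # Drop stale rows so abandoned logins do not accumulate.
    for key in [k for k, row in handoffs.items() if row["expires_at"] < now]:
        del handoffs[key]
    code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    handoffs[_digest(code)] = {
        "user_id": user_id,
        "expires_at": now + HANDOFF_TTL_SECONDS,
    }
    return code


def redeem_handoff(code: str, now: Optional[float] = None) -> Optional[str]:
    """Called by the login route. Returns the user id at most once, else None."""
    now = time.time() if now is None else now
    # pop() consumes the row whether or not it is still valid: single use.
    row = handoffs.pop(_digest(code), None)
    if row is None or now > row["expires_at"]:
        return None
    return row["user_id"]
```
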