Implementing custom authentication with Pocketbase

illuminating_egret · November 7, 2023, 3:09pm

Hi Everyone…

I wanted to get some help regarding implementing custom auth.

So basically I am going with Pocketbase for the moment it has its own sdk for it . & Also it supports api calls & returns JWT Tokens.

Plasmic Docs are good, But needed some direction.

fmota · November 7, 2023, 5:07pm

Hi @illuminating_egret is there any specific doubt that you have ? Or do you want some direction in which code you need to add into your application ?

illuminating_egret · November 7, 2023, 6:17pm

I need direction… Because when we use normal jwt token auth or passport… Its simple… server generates the token & its checked for each request or page right?

What i don’t understand is if plasmic auth generates a token too… How does that work & if possible… How to make this work with pocketbase… because i think pocketbase offers easiest auth system.

fmota · November 8, 2023, 12:17am

Plasmic auth also generate a token, this token should be used when you have data source operations that you protected with plasmic auth (by setting a min role), this token just need to be passed into <PlasmicRootProvider> and the rest is handled by Plasmic. I am not familiar with PocketBase, but from reading their documentation, I believe you can call ensurePlasmicAppUser right after authenticating an us (https://pocketbase.io/docs/authentication/), this should be similar to https://github.com/plasmicapp/plasmic/blob/master/examples/supabase-auth-nextjs-pages-loader/utils/plasmic-auth.ts which is our example with supabase

illuminating_egret · November 8, 2023, 5:55am

can we use integrations & data operations with auth in codegen using custom auth ?

illuminating_egret · November 8, 2023, 8:19am

also can i Use this code… for my purpose…

import { NextApiRequest, NextApiResponse } from ‘next’;
import PocketBase from ‘pocketbase’;

const pb = new PocketBase(‘http://your-pocketbase-server-url’);

export default async (req: NextApiRequest, res: NextApiResponse) => {
if (req.method === ‘POST’) {
const { email, password } = req.body;

// Validate user credentials (e.g., against your database)
// ...

// Authenticate the user with Plasmic using PocketBase
const result = await pb.collection('users').authWithPassword(email, password);

if (result.error) {
  // Handle authentication error
  res.status(401).json({ error: result.error });
} else {
  // Authentication was successful
  const { user: plasmicUser, token: plasmicUserToken } = result;

  // Store the Plasmic user token securely (e.g., in a session or cookie)
  // ...

  res.json({ message: 'Authentication successful' });
}

} else {
res.status(405).json({ error: ‘Method Not Allowed’ });
}
};

@yang