#hyperfiddle
2023-12-28
Hüseyin Yavaş 11:12:59

Hi, I have a question about storing login credentials. https://stackoverflow.com/questions/77711194/best-practice-for-storing-login-credentials-in-clojurescript is the Stack Overflow link. Do you have any suggestions?

Vincent 17:12:41

why is the only answer so far 'don't store them'? 😆

Vincent 17:12:12

clearly you need to store them on the client side; you need to not leak client info, but keep it in localStorage

Vincent 17:12:14

what can you keep that won't let others mess with an account? you can "sign every request" and check the signing, or you can use the JWT approach and send a "header, payload, checksum", where the header specifies the algorithm used to compute the checksum. then you only accept the payload if the checksum matches what you think it should be -- because then you know the data wasn't tampered with

🙏 1
Vincent 17:12:58

People are so averse to answering simple questions with confident answers, I don't get it, someone who actually has this problem should answer 😂

Dustin Getz 17:12:58

I think the real question is, "How do I have a persistent session in Electric" (as stated in the top comment). The serious production answer is that there are many different ways you might want to do this with varying implications, and most require backend integration at the HTTP server level. The quick and dirty answer is, I think, what Vincent said – you can use localStorage

🙏 1
Dustin Getz 17:12:23

We're upgrading to Ring 1.11 soon which just got websocket support; this will allow us to drop the jetty boilerplate and do everything using the typical Clojure approaches

🙏 3
Dustin Getz 17:12:54

After we do this, we'd like to add a better auth strategy to the starter app (perhaps even with Auth0 or something like that so that you get single sign on out of the box). No promises for when we do this

👍 3
Dustin Getz 17:12:31

Users are welcome to contribute this, none of this requires any Electric internals knowledge

Hendrik 13:12:05

I store a session ID in localStorage and then check that ID on the server. Roughly:

(e/client
 (let [id (read-from-local-storage)]   ; session id persisted in the browser's localStorage
   (e/server
    (when (is-authenticated id)        ; validate the id against the server-side session store
      (do-something)))))

😮 1
danbunea 15:12:31

About Auth0 or some SSO, I'd be willing to help, if you need me

👀 1
Dustin Getz 17:12:13

PRs or even demo repos welcome; if you decide to work on this I'd be happy to do a Zoom call

danbunea 11:12:51

I am not very experienced with Auth0, but I will make an attempt at the beginning of January to make it work.

Dustin Getz 13:12:30

Ok, let's definitely Zoom. I have an old Auth0 integration lying around from hyperfiddle-2020 that at least has all the Java and JWT code bits you'll need

danbunea 15:12:18

Ok, but it’ll have to be after Jan 2nd

👍 1