Hello,
We need to share the users and roles of an existing Wix site with a mobile app developed by us. Basically, all we need is to grant access and get the roles for the current user.
What we did is use a backend module to create a JWT based on the user who could log in:
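
    import wu from 'wix-users-backend';
    import jwt from 'jsonwebtoken';
    import wixData from 'wix-data';

    // Shared HMAC secret used to sign and verify the tokens (redacted).
    const key = "******";

    // Issues a signed token carrying the user's id and email.
    export async function getToken(issuer, emailIn, jws) {
        let email = emailIn;
        let uid = "";
        if (!email) {
            // No email passed in: use the user of the current site session.
            email = await wu.currentUser.getEmail();
            uid = wu.currentUser.id;
        }
        else if (jws) {
            // Session token returned by login(): drop the first four characters, then read the payload.
            jws = jws.substring(4);
            console.log("fixed jws: " + jws); // writes the session token to the logs
            // jwt.decode() only parses the token; it does not check the signature.
            let res = jwt.decode(jws);
            let data = JSON.parse(res.data);
            console.log(data);
            uid = data.id;
        }
        return jwt.sign({
            uid: uid,
            user: email
        }, key, {
            issuer: issuer
        });
    }

    // Verifies the signature and the issuer; throws if either check fails.
    export function validateToken(token, issuer) {
        return jwt.verify(token, key, {complete: true, issuer: issuer});
    }
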
To handle registration/login, we could call getToken from an HTML page in an embedded webview.
Otherwise, for the login we can use an http-function with the following code:
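
    let jws = await wixUsers.login(body.username, body.password);
    console.log("jws:" + jws);
    // Strip "/_functions-dev" before "/_functions"; in the other order the dev URL is left ending in "-dev".
    let issuer = request.baseUrl.replace("/_functions-dev", "").replace("/_functions", "");
    let token = await getToken(issuer, body["username"], jws);
    options.body = token;
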
But one problem is that “wixUser.login” doesn’t actually authenticate the user (currentUser remains null), and we are not able to access the user roles (we can only read the jws and get the user id).
Another problem is the token validation. We are able to validate the token through the http-functions, but, again, it is only a validation, not an authentication, and we are not able to authenticate the user to read the user roles.
Any suggestions on how to achieve this?
Thank you in advance,
Mirco
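
The code above uses both jwt.decode (parse only) and jwt.verify (signature and issuer check). As an added example, not code from the original post, the following spells out that difference for an HS256 token using only Node's built-in crypto. The key, issuer URL, claim values and the expiry check are constructed for illustration.

```javascript
// Added example: minimal HS256 token handling, contrasting decode-only with verification.
// The loader line works whether the file runs as CommonJS or as an ES module.
const crypto = typeof require === 'function'
  ? require('crypto') : process.getBuiltinModule('crypto');

const KEY = 'constructed-demo-key'; // constructed; a real key belongs in a secrets store
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Sign a set of claims with the shared key.
function issue(claims, key) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  return `${head}.${body}.${mac(`${head}.${body}`, key).toString('base64url')}`;
}

// Decode only: parses the payload and checks nothing.
function decodeOnly(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}

// Verify: pin the algorithm, compare the MAC in constant time, then check issuer and expiry.
function verify(token, key, issuer, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = mac(`${head}.${body}`, key);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Returns the error message instead of throwing, so outcomes are easy to compare.
function tryVerify(token, key, issuer, now) {
  try { return verify(token, key, issuer, now); } catch (e) { return e.message; }
}

// Constructed sample: a token for one user, and a copy whose payload was changed afterwards.
const ISS = 'https://example.invalid';
const good = issue({ iss: ISS, uid: 'u-1', user: 'a@example.invalid', exp: 2000 }, KEY);
const [h, , s] = good.split('.');
const altered = [h, b64u(JSON.stringify({ iss: ISS, uid: 'u-2', exp: 2000 })), s].join('.');
```

decodeOnly returns the uid from the altered copy as if nothing were wrong, while verify rejects it, so any claim the server acts on should come from the verified result.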