Discussion on Authentication, Error Handling, and Refreshing Token Strategies in Xano and Bubble
The meeting focused largely on technical discussion of user authentication, with particular emphasis on Xano and Bubble. The first issue addressed was the implementation of a password authentication system in Xano, alongside an exploratory discussion of an unhandled error workflow in Bubble.
The discussion covered several key points:
1. The process of creating an Auth token in Xano and handling the logged-in state in Bubble.
2. The complexities around unhandled errors were unpacked. Put simply, an unhandled error occurs when something breaks unexpectedly. Two measures guard against this. First, log the error so that the problem can later be analyzed, identified, and fixed. Second, redirect the user away from the potential problem, often by logging them out, a measure to “clean the house”.
3. The use of refresh tokens to repeatedly generate new auth tokens was proposed as a way to keep extending the session when users navigate from page to page within the application.
4. A longer-term, more complex approach derived from the refresh token pattern was discussed. This pattern involves the use of offline access and refresh tokens, where access tokens would last between one hour and 24 hours and refresh tokens between 30 and 180 days. However, because of its more complex security implications, such an implementation would only be necessary in more specific contexts, like mobile applications.
5. Lastly, the option of using an external authentication system like Auth0 was considered for future developments where higher security is needed.
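The access/refresh token pattern from points 3 and 4, together with the logout step from point 2, as an added platform-neutral sketch in Python. It is not code from the meeting, Xano, or Bubble; `TokenService` and its method names are hypothetical, and the lifetimes are picked from the low end of the ranges mentioned above.

```python
import base64, hashlib, hmac, json, secrets

ACCESS_TTL = 60 * 60          # 1 hour, low end of the 1-24 hour range above
REFRESH_TTL = 30 * 24 * 3600  # 30 days, low end of the 30-180 day range above

class TokenService:  # hypothetical name; stands in for the backend auth endpoints
    def __init__(self, key: bytes):
        self._key = key
        self._refresh = {}  # sha256(refresh token) -> (user_id, expires_at)

    def _sign(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_access(self, user_id: str, now: int) -> str:
        claims = json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode()
        body = base64.urlsafe_b64encode(claims)
        return (body + b"." + self._sign(body)).decode()

    def verify_access(self, token: str, now: int):
        body, _, sig = token.encode().partition(b".")
        if not hmac.compare_digest(sig, self._sign(body)):
            return None  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims["sub"] if now < claims["exp"] else None

    def login(self, user_id: str, now: int):
        refresh = secrets.token_urlsafe(32)
        digest = hashlib.sha256(refresh.encode()).hexdigest()
        self._refresh[digest] = (user_id, now + REFRESH_TTL)  # store only the hash
        return self.issue_access(user_id, now), refresh

    def refresh(self, refresh_token: str, now: int):
        digest = hashlib.sha256(refresh_token.encode()).hexdigest()
        record = self._refresh.get(digest)
        if record is None or now >= record[1]:
            self._refresh.pop(digest, None)  # unknown or expired: force a new login
            return None
        return self.issue_access(record[0], now)

    def logout(self, refresh_token: str) -> None:
        # Also the "clean the house" step after an unhandled error.
        self._refresh.pop(hashlib.sha256(refresh_token.encode()).hexdigest(), None)
```

Timestamps are passed in as `now` (seconds) so the expiry behaviour can be checked deterministically; a real deployment would read the clock on the server.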
In summary, this meeting touched on the complexity of building secure and robust authentication systems, and it may be useful to anyone interested in managing user authentication and handling unhandled errors in Bubble and Xano.