Exploring Authentication Strategies and Token Management in Webflow, Xano, and Bubble

The meeting involved a discussion between State Changers on authentication workflows and token storage using platforms like Xano, WeWeb, and Bubble.


The first State Changer described a challenge with designing a simple login/logout function, and the follow-on difficulty of figuring out how and when to log a user out once logged in. The function involved submitting user credentials, receiving the authentication token, and then storing it safely.

The debate was about where this token should be stored. They talked about Mike's method of including the token in the URL as a parameter. While this is workable if the token can persist in the URL, concerns emerged about the security risks of that method. Others suggested local storage plugins, with WeWeb and Bubble named as platforms that handle this differently; Bubble provides a more abstracted approach.

The talk then moved to how the token should be issued, specifically using Xano. They walked through creating an endpoint to renew authentication. The endpoint would produce a new token that's good for another day, offering continuous authentication without the user being logged out periodically. The participants noted that the token should be renewed regularly, with the renewal tied to an often-accessed workflow, and that the stored value must be updated wherever it lives: the URL, local storage, or a cookie.

Overall, the conversation centred on token storage and longevity, with various methods examined for securing user sessions effectively. Plugins and platforms such as Bubble, WeWeb, and Xano played significant roles in the discussion, which acknowledged the need for strong security while providing continuous authentication.
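The renewal flow described above, sketched as an added example; it is not code from the meeting or from Xano, WeWeb, or Bubble. The storage key names, the half-lifetime renewal threshold, the endpoint URL and the `authToken` response field are assumptions, and `store` is any object with the `localStorage` interface.

```javascript
// Added example. Key names, the renew threshold and the endpoint are assumptions.
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // per the discussion: a token is good for one day
const RENEW_AFTER_MS = TOKEN_TTL_MS / 2;  // assumption: renew once half the lifetime is used

// Decide what to do with the stored token: "login", "use" or "renew".
function tokenAction(store, now) {
  const token = store.getItem("authToken");
  const issuedAt = Number(store.getItem("authTokenIssuedAt"));
  if (!token || !issuedAt) return "login";            // nothing usable stored
  const age = now - issuedAt;
  if (age < 0 || age >= TOKEN_TTL_MS) return "login"; // expired, or timestamp in the future
  return age >= RENEW_AFTER_MS ? "renew" : "use";
}

function saveToken(store, token, now) {
  store.setItem("authToken", token);
  store.setItem("authTokenIssuedAt", String(now));
}

function clearToken(store) {
  store.removeItem("authToken");
  store.removeItem("authTokenIssuedAt");
}

// Call from an often-used workflow (for example, page load).
// Returns a usable token, or null when the user has to log in again.
async function ensureFreshToken(store, renew, now = Date.now()) {
  const action = tokenAction(store, now);
  if (action === "login") { clearToken(store); return null; }
  const current = store.getItem("authToken");
  if (action === "use") return current;
  try {
    const fresh = await renew(current);
    saveToken(store, fresh, now);
    return fresh;
  } catch (err) {
    if (err.status === 401) { clearToken(store); return null; } // server rejected the token
    return current; // transient failure: keep the still-valid token, retry on the next call
  }
}

// Hypothetical renew call: the token travels in the Authorization header, not the URL.
async function renewViaApi(token) {
  const res = await fetch("https://api.example.invalid/auth/renew", {
    method: "POST",
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) throw Object.assign(new Error("renew failed"), { status: res.status });
  return (await res.json()).authToken;
}
```

In a browser, `ensureFreshToken(localStorage, renewViaApi)` would run at the start of the chosen workflow; a `null` result means the stored token was cleared and the login form should be shown.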


(Source: Office Hours 1/9)
