I have a couple of questions about setting up Auth.
-
My Users table in the 8base console is not showing users even though usersList shows me my test user in the api explorer. Any idea what’s up?
-
I’m not quite sure how my test user got in there when it seems as though a lot of things from the React SDK auth documentation are outdated? I used this mutation from the docs
const SIGN_UP_USER = gql` mutation userSignUp($user: UserCreateInput!) { userSignUp(user: $user) { id email } } `;
but it looks like this mutation doesn’t exist and I should be using userSignUpWithToken?
- Is there a way to customize the fields and signup flow with the 8base strategy?
We’re in the process of making some changes to the structure of our Users table to fix this. However, it’s not an issue as much as it is a configuration.
8base’s system considers team members (accounts with access to the workspace) as App users so that they can authenticate calls to the API. However, since these accounts have not “signed-up” for via the app, they are not appearing in the users table.
@sonicrida What fields are you looking for customize? When you end up using the userSignUpWithToken or userSignUpWithPassword mutation, the UserCreateInput allows for any fields available on the User table to be specified. Including custom ones you may have added to the Users table.
I do think that the react Documentation is pretty outdated at this point. I’ll do my best to prioritize some updates!
@tehfailsafe we’re also in the process of fixing the “Email already exists” error as well. What’s happening is that the tables have soft delete currently. However, we’re going to be updating this so that users can specify whether or not they want to be able to have deleted rows restored, or permanently deleted.
Any update on this? I still have a lot of users from testing, and still testing more.
Hey @tehfailsafe - so this ended up being something a little different than the soft-delete issue.
When a user signs up for 8base, they are added to the authentication provider (8base’s auth0 or 3rd party authentication provider using OpenID specification). That is the system that then allows them to authenticate securely and returns a idToken that can be used to authenticate against the 8base API. Using that token, you then use the API to check if a user RECORD exists in 8base, and if not, add the one.
This means that if you go into 8base and delete the record, the users authentication profile still exists in the Authentication Provider’s system. Therefore the userSignUpWithToken mutation will fail. However, you’re still able to use the userCreate mutation to re-add the user record!
This way, when the user next authenticates with their email address, querying the API will map the email in their idToken’s payload to the record in 8base’s user table.
Check out this threat to understand that whole process a little better too!
1 Like
Page not found
And I think “threat” should be “thread”?
Thanks @sebastian.scholl If that is the case why I was I getting errors when trying to add mandatory fields which would break existing users without a default value? I’ll double check that it’s still happening when I get home
Actually, there is more to this than just the auth users.
I can still log in as those deleted users AND run mutations against them to change things like firstName … If they are deleted I shouldn’t be able to run these mutations, or query for things like invoices owned by a user that was deleted, etc. But I can.
1 Like
@tehfailsafe Do you use custom auth0 account for user management? Could you specify have you deleted user from 8base or from auth0 account?
1 Like