DEV Community

loading...

Discussion on: How to add user authentication to your MVP using FaunaDB

Collapse
bulletninja profile image
Bulletninja

I just found your article, but i've implemented something related, although i'm still trying to understand and learn how the roles work. My implementation doesn't fetch the secret and the user at once yet, but i'm able to login and get a client token back. I think i should be able to fetch the corresponding user. First by creating a faunadb client, and then running the query. But when i do that i get "insufficient privileges to perform the action".

How does the token itself get the role attached? Is the "role" parameter enough for faunadb to automatically know the token it returns on login has the role or do i have to do something else?

Collapse
sandorturanszky profile image
SandorTuranszky Author

Have you set the Membership for the role?
This is from the article:

Now let’s look at the membership. By adding the User collection, we state that all users who are members for the User collection will be granted the privileges we’ve defined for this role, once they obtain a valid token using the Login function.

And this is how I check that the all actions defined in the DEVELOPER role are actually applied to all users with DEVELOPER role.

  membership: [
    {
      resource: Collection("User"),
      predicate: Query(
        Lambda("userRef", 
          Equals(Select(["data", "role"], Get(Var("userRef"))), "DEVELOPER")
        )
      )
    }
  ],

You should also make sure, you allow your role to read the index that fetches a user.

Let me know if you need help.

Collapse
donaldboulton profile image
Donald W. Boulton • Edited

Did this twice and It simply will no do auth.

Its a confusion between Author and User, did this 3 times to same effect. Author on Course is null on page query which is confusing as it works with mutations. Had to add author data manually.

Will update when I figure it out.

Collapse
sandorturanszky profile image
SandorTuranszky Author

What exactly did not work? I posted only working code hence I can prove it works.

Thread Thread
donaldboulton profile image
Donald W. Boulton

HAs something to do with membership I will figure it out.