Feature: Allow getting & validating signin token without authenticating token about surrealdb.js HOT 8 CLOSED

Okay, so purely about auth. I would honestly rather suggest just to open a new connection to validate auth and to close it afterwards. The .authenticate() method will return true if successful (note that the experimental HTTP client does not validate the token, the WS client does). You can optionally also use the .info() method to select the data from the scope user's record.

Selecting should not trigger any updates, unless you are doing complex logic with futures :)

from surrealdb.js.

Hello
Can I get an opportunity to work on this issue? I'm very much interested in this project, and I'm very familiar with node.js. Thank you.

from surrealdb.js.

@woodmark-dev yes, please feel free to take this up if you're interested in it. We'd be glad to help out if you need any assistance! ^_^

from surrealdb.js.

Hi @LeoDog896, as for retrieving the currently authenticated user's record, we have the .info() method. @woodmark-dev I think we track the token internally already, we can simply add a method to return that token when invoked. Feel free to open a PR for that, thanks!

from surrealdb.js.

Oh, to add @LeoDog896, the .signin() and .signup() methods currently already return a token for the authenticated user. The types for the .signin() methods need to be adjusted to always return a string (the token), as root users now also get back a token. This means that you will either receive a token, or an error will be thrown 😁

from surrealdb.js.

We have the .info() method for retrieving the currently authenticated user's record.

Absolutely! However, that requires authenticating the current scope. Still, since I'm doing this server-side, I don't want to authenticate the server-side connection with this user scope - I would like to be able to query it without mutating the authentication state of the current connection.

EDIT: Thanks for this! I realized the original issue I made encapsulated my original problem, but what I was looking for.

Essentially, I want to do server-side sign-in/sign-up logic without duplicating the permission logic from both the server and client state.

For example, if I can have a method for signin or signup that returns the auth token WITHOUT authenticating the current connection, then I can use that token and see if that token has permission to run a given query, meaning that I can use SurrealDB's native permission logic without having to copy it twice to my SSR logic.

Code sample:

await db.connect('https://cloud.surrealdb.com/rpc', ...);

// normal client-side usage
await db.signin(...)
await db.query(...)

// server-side usage that doesn't mutate the current db state
const token = await db.signinOnly(...)
await db.tryQuery(token, ...)

(This feature may be crucial for SSR-powered web frameworks like Next or SvelteKit to work efficiently with SurrealDB)

By the way, since I realize I'm asking a lot, I don't mind working on this feature myself whatsoever 👍

from surrealdb.js.

Ah! So to confirm if I understand this correctly: Do you want to be able to essentially dry run queries to see how they will affect the database?

from surrealdb.js.

Not in that full scope, but essentially a dry-run signin/signup query, and the ability to use those signin/signup queries in requests. The actual (name pending) tryQuery method itself isn't a dry run, but an authenticated request from those dry-run signin/signup queries.

*If SurrealDB supports dry runs in their database, that would probably in itself be a whole other issue.

from surrealdb.js.