Custom login authentication

Hello

I am trying to create a custom login auth via Create Record (POST) and while it works when the parameters are OK (valid email and password) it does not seem to trigger on error responses.
I have tried many variations to no avail e.g.
{ "error": { "code": "resourceNotFound:", "message": "invalid parameters" } }
with response header Status 401.

What is the correct JSON format for the error to trigger output at port 2 of the Create Record?

Thank you.

The error response was correctly coded, the issue was with the status code which was not being set properly and was returning as 200 instead of 4xx.

Note that AppGyver issues an OPTIONS request before the POST, so you might have to handle that by allowing POST requests to the same URL.

And while the logic works now, the data create record test does not, it still fails with:
Error: TypeError: NetworkError when attempting to fetch resource.status: -1

Actually the Create Data (POST) output port2 returns a JSON object with code, status, message, and rawError. Any custom JSON in the response is added to the message (as text, see below) and to rawError as a JSON sub-object.

e.g. If your response includes this JSON:
{"msg":"invalid credentials"}
then in an AppGyver alert you can display it using this formula:
outputs["Create record"].error.rawError.msg

outputs["Create record"].error.message
is not a JSON object, it is a text containing, in this example, the following:
JSON error response from server: {"msg":"invalid credentials"}.
so parsing out msg is more difficult than using rawError.

I created a custom authentication using get record collection. I used a page variable and assigned it a formula value to select (SELECT(data.credentials, item.username == AppVars.username)) if the username entered is correct. It can either find a match or find nothing, so I use the If Condition to authenticate first the username on the first page, then the password on the next.

Yes, you can use Get Collection but I found it easier to use Create Record (without creating anything) because:

  • values travel in a JSON object while sending and/or receiving, which makes setting multiple variables (keys) simpler.
  • values are in the POST request body, so no query string as with the GET request URL, and you can have separate request and response schemas.

I use IF conditions before the Create Record just to check that the app vars are not empty.
My login checks if the user and password combination is valid but never states which one is wrong in case of failure; keep them guessing if they don’t really know.

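An added example, not code from any poster in this thread: a minimal Python backend showing the server side the thread describes, with a real 401 status line, an answer to the OPTIONS preflight, a `{"msg": ...}` body that the app can read at `rawError.msg`, and one failure response whether the email or the password is wrong. The `email`/`password` field names, `ALLOWED_ORIGIN`, the port and the sample account are assumptions.

```python
import hashlib, hmac, json, os
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_ORIGIN = "https://app.example"  # assumption: origin the app is served from

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; a real backend reads salted hashes from its user store.
_SALT = os.urandom(16)
USERS = {"user@example.com": (_SALT, _hash("correct horse", _SALT))}
_DUMMY = (os.urandom(16), b"\x00" * 32)  # hashed for unknown emails so timing stays similar

def check_login(email, password):
    """Return (http_status, body); the failure body is identical for every cause."""
    if not isinstance(email, str) or not isinstance(password, str) or not email or not password:
        return 401, {"msg": "invalid credentials"}
    salt, stored = USERS.get(email, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored) and email in USERS
    return (200, {"ok": True}) if ok else (401, {"msg": "invalid credentials"})

def cors_headers():
    return {"Access-Control-Allow-Origin": ALLOWED_ORIGIN,
            "Access-Control-Allow-Methods": "POST, OPTIONS",
            "Access-Control-Allow-Headers": "Content-Type"}

class LoginHandler(BaseHTTPRequestHandler):
    def _send(self, status, body=None):
        data = json.dumps(body).encode() if body is not None else b""
        self.send_response(status)          # the status line, not the body, signals failure
        for name, value in cors_headers().items():
            self.send_header(name, value)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_OPTIONS(self):                   # preflight sent before the POST
        self._send(204)

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            creds = json.loads(self.rfile.read(length) or b"{}")
            status, body = check_login(creds.get("email"), creds.get("password"))
        except (ValueError, AttributeError):
            status, body = 400, {"msg": "malformed request"}
        self._send(status, body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), LoginHandler).serve_forever()
```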