Passing data between API calls
Options
Jay
Member ✭
This is a follow up to this: https://community.xano.com/c/apis/how-to-hold-temporary-data-between-api-calls-endpoints
For an auth process, essentially one call produces a random string, and the next call passes that string back and needs to verify it is identical to the one i sent originally.
Currently i just save it to a table database and pull the first result on the next call then delete it once it is no longer needed.
This works if there is only one person running through this sequence at a time, but more than one user will be authenticating at the same time, bad timing can easily cause an issue where there is more than one state code saved at the same time resulting in a failure.
I have no idea how to save this code in one call and on the other one, pull the correct one. I'm not sure if and how to associate the two.
Unless i misunderstand the requirement. Here is the line from the reddit API:
“You should generate a unique, possibly random, string for each authorization request. This value will be returned to you when the user visits your REDIRECT_URI after allowing your app access - you should verify that it matches the one you sent. This ensures that only authorization requests you've started are ones you finish. (You may also use this value to, for example, tell your webserver what action to take after receiving the OAuth2 bearer token)”
Does this mean that i should just check that it matches to ANY of the state codes i have generated, and so long as this is a code i made, doesn't matter of for this user, or another, than it did indeed originate with me and that's good enough?
For an auth process, essentially one call produces a random string, and the next call passes that string back and needs to verify it is identical to the one i sent originally.
Currently i just save it to a table database and pull the first result on the next call then delete it once it is no longer needed.
This works if there is only one person running through this sequence at a time, but more than one user will be authenticating at the same time, bad timing can easily cause an issue where there is more than one state code saved at the same time resulting in a failure.
I have no idea how to save this code in one call and on the other one, pull the correct one. I'm not sure if and how to associate the two.
Unless i misunderstand the requirement. Here is the line from the reddit API:
“You should generate a unique, possibly random, string for each authorization request. This value will be returned to you when the user visits your REDIRECT_URI after allowing your app access - you should verify that it matches the one you sent. This ensures that only authorization requests you've started are ones you finish. (You may also use this value to, for example, tell your webserver what action to take after receiving the OAuth2 bearer token)”
Does this mean that i should just check that it matches to ANY of the state codes i have generated, and so long as this is a code i made, doesn't matter of for this user, or another, than it did indeed originate with me and that's good enough?
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback