How to automatically log out users on WeWeb?

Ambroise Member
edited April 2023 in WeWeb

I wonder if there is a way to automatically log out a user on WeWeb depending on something happening on Xano.


Right now, our auth token has a TTL of 24h, meaning users will be logged out every 24h anyway.

But, assuming we change the "status" of a user from "active" to "inactive", how could we reflect that change immediately on our WeWeb app?

I was wondering if there could be some built-in mechanism on the Xano side that could invalidate an auth token that was generated previously. And thus, WeWeb would be immediately affected, without having to implement anything particular on WeWeb itself.

Answers

  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭

    There are a couple of approaches you could take here:

    1) Go to a super-short-lived token, and implement a refresh action that gets a new token from Xano based on ongoing use. This would also give you more opportunities to kick the user out by refusing to issue a new token. This is how a lot of financial institutions work with their web apps. The upside is that it uses the Xano built-in auth as it is and has high performance. The downside is you need to implement that fetch process on WeWeb and Xano. Not a lot of work, but not free.

    2) Go to a token you validate in your function stack rather than in the Xano preprocessing step. You could have a one-line call to a validation custom function at the top of each of your API endpoints that does a precondition (erroring out) if the conditions for wanting to boot the user are met. The upside is total control and you do this all from Xano - no need to affect any WeWeb flows. The downsides are that you take a performance hit for having to do this checking in the function stack, having to add your validator to every endpoint you have or will have, and you have to own all this complexity related to auth status rather than farming it out.
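
The trade-off between the two approaches above, as an added example that is not part of the original thread and is not Xano or WeWeb code: a small JavaScript model that measures how long a deactivated user keeps access under the 24h token from the question, a short-lived token with refresh, and a per-request status check. The 5-minute TTL, the polling client and all function names are assumptions.

```javascript
// Constructed model of a backend; not Xano's or WeWeb's API. Token signing is
// omitted: `token` stands in for the signed auth token the platform issues.
const SHORT_TTL = 5 * 60;        // assumed 5-minute access token, in seconds
const LONG_TTL = 24 * 60 * 60;   // the 24h TTL from the question

function makeBackend(ttl, checkStatusPerRequest) {
  const users = new Map([[1, { status: 'active' }]]); // constructed sample user
  const issue = (userId, now) => ({ userId, exp: now + ttl });
  return {
    users,
    login: (userId, now) => issue(userId, now),
    // Approach 1: a new token is issued only while the user is still active.
    refresh(token, now) {
      if (now >= token.exp) return null;
      if (users.get(token.userId).status !== 'active') return null;
      return issue(token.userId, now);
    },
    // Every endpoint checks expiry; approach 2 adds a status precondition.
    call(token, now) {
      if (now >= token.exp) return 401;
      if (checkStatusPerRequest && users.get(token.userId).status !== 'active') return 403;
      return 200;
    },
  };
}

// Client polls every `step` seconds, refreshing when under half the TTL remains.
// Returns how many seconds after deactivation the first rejected call happens.
function secondsUntilLockedOut(ttl, checkStatusPerRequest, deactivateAt, step = 60) {
  const api = makeBackend(ttl, checkStatusPerRequest);
  let token = api.login(1, 0);
  for (let now = 0; now <= deactivateAt + LONG_TTL + step; now += step) {
    if (now === deactivateAt) api.users.get(1).status = 'inactive';
    if (token.exp - now < ttl / 2) token = api.refresh(token, now) || token;
    if (api.call(token, now) !== 200) return now - deactivateAt;
  }
  return Infinity;
}
```

With approach 1 the exposure window after deactivation is bounded by the token TTL; with approach 2 it is zero, at the cost of a status lookup on every call.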