Accounts.passwordless (and Vue)

makaha · November 20, 2024, 11:18am

(This is part of a slack communication thread, and placed here as a backup as Slack threads aren’t available after 3 months for many)

Slack thread

I’m using Meteor 3 (+Vue) with Accounts.passwordless and I’m running into unknown territory.
I’ve searched the docs, and web for answers, I’ve also tried to get some insights via AI but to no avail.
When using Accounts.requestLoginTokenForUser the user receives an email with an url.
That url doesn’t have a route in my router, yet when the url is clicked the user is automatically signed in without any coding on my part. And the user doesn’t know either because it doesn’t show. I have UI that should show if a user is logged in, but that only shows when you reload the page.

When I create a route, for example:

{ path: '/:loginToken/:selector', name: 'url_sign_in', component: UrlSignInView, meta: { requiresAuth: false } }

Then when the url is requested it isn’t used. I’ve created a basic component with only an alert and console.log on it and those don’t fire.

I wish I had some control in this. Getting data after log in and redirect user to the correct view etc.
When looking at the source code (meteor/packages/accounts-passwordless/passwordless_client.js at devel · meteor/meteor · GitHub) I see “Accounts.autoLoginWithToken” but I can’t find any documentation on this or if it can be disabled.

I have tried to set it in Accounts.config:

Accounts.config({
    tokenSequenceLength: 8,
    loginTokenExpirationHours: 0.5,
    autoLoginWithToken: false,
});

But this isn’t valid, because I get the following message: Accounts.config: Invalid key: autoLoginWithToken
Can someone provide more insight into this? Thanks in advance. (edited)

(this part might be of interrest: meteor/packages/accounts-passwordless/passwordless_client.js at devel · meteor/meteor · GitHub )

makaha · November 20, 2024, 11:27am

(More from the Slack thread)

Victor reacted with a valid point/idea as follows:
I guess you could override Accounts.autoLoginWithToken as an empty function to prevent to autoLogin behavior:
Accounts.autoLoginWithToken = ()=>{}

The routing magic which appears with some packages is a bit frustrating because it’s hard to find the source code related to it but it usually works as is and doesn’t need to be modified (like the oauth code here : meteor/packages/oauth/oauth_client.js at devel · meteor/meteor · GitHub )

If I were you, I would not override the default behavior but try to fix the UI using maybe another server call if needed.

The UI should show if the user is connected. Are Meteor.userId() and Meteor.user() correct on the client after auto login and before reloading the page ?

Me:
Problem is that no calls I found will react to the auto login / URL sign in. I tried in server/main to add Accounts.onLogin that will fire at startup but it doesn’t seem to fire with auto login.
The auto login does its thing and no UI updates seem to be called. So Meteor.userId() isn’t readable unless I do a reload. After the reload Meteor.userId() is available and can be shown either in the view or in the console.

Victor:
sounds like a bug to me. Meteor.user() and userId() should be set after autologin. I haven’t used passwordless yet so I can’t help you much.

makaha · November 20, 2024, 11:37am

After many hours spend on trial and error I came to the following solution:

In server/main.js I added this piece of code:

Accounts.onLogin(function(loginResult) {
    //console.log('loginResult: ' + JSON.stringify(loginResult));
    //console.log('loginResult.methodName: ' + loginResult.methodName);
    if (loginResult.type === 'passwordless' && loginResult.methodName === 'login') {
       Meteor.users.updateAsync(loginResult.user._id, {
          $set: {
             'profile.shouldNavigate': true,
             'profile.navigationPath': '/dashboard',
          },
       });
    }
});

To be perfectly honest, it works but I have no idea if this is the right solution. So if there is someone who can confirm this or provide a better solution, please do tell.

Thanks to Alim for pointing out to me that Slack threads are only visible for 3 months (for many users) so it would not help anyone who’s experiencing the same issue after that time.