How can I login a user automatically on browser when he's logged-in into the app


#1

I want the logged-in user of app to get logged-in into browser as well when he clicks a button on the app which will redirect him to the browser.

I have tried to use token to login but its not working though.

‘click #workout-list__web-report-link’: function (e, t) {
const webUrl = (Meteor.settings && Meteor.settings.public &&
Meteor.settings.public.webUrl);
const remoteUrl = webUrl +
/direct-access?rlt=${t.directLoginToken}&rurl=/workouts/report;
window.open(remoteUrl, ‘_system’);
}

FlowRouter.route(’/direct-access’, {
name: ‘directAccess’,
action: function (params, queryParams) {
const redirectUrl = queryParams.rurl;
const remoteLoginToken = queryParams.rlt;
if (Meteor.user() || !remoteLoginToken) {
FlowRouter.go(redirectUrl);
return;
}
Accounts.callLoginMethod({
methodArguments: [{token: remoteLoginToken}],
userCallback: () => FlowRouter.go(redirectUrl)
});
}
});

loggedInRoute.route(’/workouts/report’, {
name: ‘workoutReport’,
action: function (params, queryParams) {
BlazeLayout.render(‘lightLayout’, {
nav: ‘workoutReportNav’,
main: ‘workoutReport’
});
}
});


#2

Theoretically, you’re on the right track. Unfortunately, writing the URL this way, where the token is not one-time use and put into the query part of the URL (after the ?), is very bad practice (your logs will have something as good as a password in them, which is a big security hole). The easiest thing to do is to put the token in the fragment part of the URL (after the #).

For testing purposes, try to just login on desktop with a token you print to console. This will help you understand if you’re printing the right thing, or if something in the URL isn’t parsing correctly, etc. (the tokens are base64, which includes a = symbol, so that can mess up what gets put into a URL if it’s not encoded correctly, which yours is not).