First off, thank you for putting this together! It was very helpful for me. On the signup route it currently does:

```swift
req.auth.login(user)
```

so that GET:makeCredential and POST:makeCredential know which user is signed in.

When I was adapting the example this caused a side effect where if the user abandoned the sign up flow it'd cause them to be "logged in", which had somewhat hilarious consequences for my site.

I ended up switching this to

```swift
try req.session.data["userID"] = user.requireID().uuidString
```

and then in later places where I needed it:

```swift
guard let idString = req.session.data["userID"],
      let id = UUID(uuidString: idString),
      let user = try await User.find(id, on: req.db) else {
    throw Abort(.unauthorized)
}
```

Which solved my issue. I figured I'd share in case anybody else was trying to adapt this example into something production ready or in case there was a better way or something I hadn't considered about my alternative.
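Added example, not part of the original post and not the project's own code: one way to keep the "mid-signup" identity apart from the authenticated session and to promote it to a login only once the credential has been verified and stored. The session key name and the three helper methods are hypothetical; `User` is assumed to be the app's Fluent model with a `UUID` id and `Authenticatable` conformance.

```swift
import Fluent
import Vapor

// Hypothetical session key, deliberately separate from the authenticated-user state
// so that an abandoned signup never counts as a login.
let pendingRegistrationKey = "pendingRegistrationUserID"

extension Request {
    /// Signup route: remember who is registering without calling `auth.login`.
    func beginPendingRegistration(for user: User) throws {
        session.data[pendingRegistrationKey] = try user.requireID().uuidString
    }

    /// makeCredential handlers: resolve the user the pending registration refers to.
    /// Fails closed if the key is missing, malformed, or the user no longer exists.
    func pendingRegistrationUser() async throws -> User {
        guard let idString = session.data[pendingRegistrationKey],
              let id = UUID(uuidString: idString),
              let user = try await User.find(id, on: db) else {
            throw Abort(.unauthorized)
        }
        return user
    }

    /// Call only after the new credential has been verified and saved.
    /// Clears the pending marker so it cannot be reused, then logs the user in.
    func completeRegistration(for user: User) {
        session.data[pendingRegistrationKey] = nil
        auth.login(user)
    }
}
```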