Authentication

This service creates a login/logout button in a dedicated container and opens a new login window. After a successful login, you will receive a token that can be used for other requests.

import {Loader} from 'thaff-embed-scripts';
import 'thaff-embed-scripts/dist/thaff-embed-scripts.css'

const loader = new Loader({
    key: '{key}'
})

const ThaffAuth = await loader.importAuth();
const auth = new ThaffAuth('#login-container');

Depending on the current state, you can either render a login or logout button

auth.renderLogout();
// or
auth.renderLogin();

There are onLogin / onLogout hooks to get the token or display custom messages on your website or to toggle the current button.

auth.onLogin((token) => {
    console.log('Successfully logged in ' + token);
    auth.renderLogout();
})
auth.onLogout(() => {
    console.log('Successfully logged out');
    auth.renderLogin();
})

It is possible to trigger authentication manually as well

try{
    const token = await auth.startAuthentication();
    console.log('Successfully logged in ' + token);
} catch (err){
    alert("User closed the window or there was a server error");
}


try{
    await auth.logout();
    console.log('Successfully logged out');
} catch (err){
    alert("Error during logout");
}

To the instance you can use the .destory() method. It remove all DOM manipulations and event listeners

Methods

Here is the typescript definition of the auth class

export interface ThaffAuth {
    /**
     * callback when login is finished
     * @param callback
     */
    onLogin(callback: ThaffLoginCallback | null): void;

    /**
     * Callback after logout
     * @param callback
     */
    onLogout(callback: (() => void) | null): void;

    /**
     * manually logout currently logged in user
     */
    logout(): Promise<boolean>

    /**
     * render login button inside the container
     */
    renderLogin(): void;

    /**
     * render logout button inside the container
     */
    renderLogout(): void;
    /**
     * manually start the authentication when you do not want to use the button but a custom trigger
     */
    startAuthentication(): Promise<string>
    /**
     * remove all DOM manipulations and event listeners
     */
    destroy(): void;
}

Logout webhook

Once users logout from an API service in their internal ThAFF account area and not via custom logout button we send a webhook with the information to delete your stored token.

Once provided during logout the following curl request is executed

curl -X POST {url} \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "token={token}"
     -d "apiKey={apiKey}"

you can optionally check for the correct API-key just in case others run this URL to make sure it comes from the correct server.

Last Updated::
Contributors: Robin Schambach