Help

API token storage in blocks. Passport.js?

Topic Labels: Extensions
2534 5
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Holly_Gronau
5 - Automation Enthusiast
5 - Automation Enthusiast
See Solution in Thread

‎Aug 19, 2020 01:12 PM

I am attempting to log my air table users into the Sanity.io using API token for authentication but I can’t find a setting to store the token safely in airtable. Do I need to build passport.js with third party authentication or am I missing something?

Reply
5 Replies 5
Bill_French
17 - Neptune
17 - Neptune
See Solution in Thread

‎Aug 19, 2020 01:51 PM

Holly,

I think what you need is this - I have not played with this yet, but it seems like the right approach.

Reply
Holly_Gronau
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

‎Aug 19, 2020 01:58 PM

What I need is a way to store a bot Authorization: Bearer so my users that use my custom block can log into the data set and update this data using airtable. I added this beta but it looks like it just running JS inside the airtable itself vs. custom blocks? Or am I miss understanding?

0 Kudos
Reply
Bill_French
17 - Neptune
17 - Neptune
In response to Holly_Gronau
See Solution in Thread

‎Aug 19, 2020 02:09 PM

Yeah, that’s a key piece of the puzzle. I did not assume you were building a custom block.

The way we have handled this is to create an authentication server (or use an open source platform like KeyCloak) to arbitrate access. But, in a custom block environment you are able to create something that should avoid this pattern, right?

image

If so, this about does it…

image

Reply
Holly_Gronau
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

‎Aug 19, 2020 06:36 PM

I am not really sure with the custom blocks. It’s new to me I am still wrapping my head around it. Usually we are very careful with our API access and run it only in .env adding that information to a platform like Netlify or Heroku etc is easy they have made provisions for this without the need to use a proxy. The dataset I need access to is our own which runs live code online so it’s still risky to leave an open key in airtable. It’s more of a risk than I would like to take. I thought about using third party authentication and running passport.js but we are not set up at an enterprise level to use third party authentication.

Thank you for the example. I appreciate it. I can look into running a server in the custom blocks too.

0 Kudos
Reply
Bill_French
17 - Neptune
17 - Neptune
In response to Holly_Gronau
See Solution in Thread

‎Aug 20, 2020 06:30 AM

Indeed. That’s why I suggested the opposite in my examples.

In a custom block (as far as I know), you control the environment no different than you would in a Heroku deployment. I would escalate this to Airtable support to get perfect clarity if you fear that the custom block framework in React is unable to support your security requirements.

Reply
Copyright © 2024 Khoros, LLC