I have my project separated into multiple repos (mono repo) and I have them as such: medusa-server, medusa-admin, medusa-frontend, presentation-site. I was wondering if I could implement the social login logic in the "presentation-site" as well, sending the user to the medusa-plugin-auth but redirecting them back to the presentation-site instead of admin/store.
#Login from a third location (not store/admin)
From what I see in the source code of the plugin, I would need to add a new domain, and just have it behave like the store one
Did anyone manage to do something like this?
I am not sure I understand; the success redirect will redirect you where you want. You just need to set it, no? Could you elaborate a bit more on the issue you are facing at the moment?
At the moment, I can only add admin or store in the resolver, so when I try to log in from 'presentation-site' the redirect would send me to the STORE_URL even though I am coming from the third location.
If you already use it for the store and admin, then indeed you need a third auth system for your other one. The idea is that, in order to secure it so that each part is not able to access the other part, you want a different JWT prop stored in the session (for security reasons). Plus, those strategies are meant to be integrated in the medusa system after. So indeed, you would need to build your own strategy for this third location. You can probably take inspiration from the plugin to add your own.
Because 1. You can’t use the same strategy on different URLs, 2. if you use the store strategy for your third location, it will look up in the customer table to find the customer and will set up a store_jwt. It would mean that those users can then also access the storefront as well. I don’t know if you want that, as it can be insecure.
Well, I want that. I want to allow customers of the storefront to use the same account also on the presentation site.
How would that affect the security? Would it allow some form of attack?
Normally it should be fine. In that case, I am not sure if I released the redirectTo query param 🤔 Could you give it a go?
When you call the auth endpoint, you can pass a redirectTo query param that forces the redirect to this particular URL.
If it is not released, I can have a look on Monday to release it, because it means that I have forgotten 😅
sure thing, I am looking at it now, thanks 😄
works 🙂 thank you very much 😄