Are you looking into hiding the Speckle account completely to the user?
Not an OAuth expert here… But usually, the way other apps i’ve seen pulling this off was to allow to link your account, which basically just sends the user through the auth page of the service to get the access_token
and refresh_token
. You can then store these (hopefully encrypted) in your DB linked to your user. Every time your user needs Speckle from that point onward, you can use the tokens in your DB (either on the backend or the frontend)
Since the /auth methods return a redirect
response. You may need to pull this off in the frontend as part of your registration process:
- User fills in form in frontend and hits ok
- You register your user in the backend
- Frontend receives successful registration
- You then start the speckle registration using the user details by calling
/auth/local/register
with email
and pwd
- Speckle will return a redirect with the `access_token``
- Swap that for the real tokens, and store them in your DB
It may be that the web team screams at me after suggesting this though…