I would like to know if I can have Front authenticate a user against a Front plugin. The plugin does receive an `auth_secret`, but it is a global value and can easily be traced in the HTTP inspector.
- Is there an option to have an auth_secret per user that only that user can see?
- How secure is the `tea_XXXX` ID I can find in `context.teammate.id`? I think that these don’t seem to be not visible / guessable on the front end?
Basically, how sure can I be that in the context that my plugin receives, the teammate is actually the currently logged-in Front teammate and that the context has not been tampered with?
Thanks,
Tilmann