Skip to Main Content
Builder.io Ideas
Created by Ersin
Created on Dec 8, 2021

Integrations with Auth providers

Implementing authentication and authorization using no-code solutions sucks. There are no straightforward ways to implement high-security login/logout with stateful sessions. All the demos out there either rely on relatively insecure approaches (e.g., using JWT as session holder, storing JWT's in local storage) or involve a lot of work writing auth services. So much work that it negates the point of going no-code in the first place.

IMHO, proper auth is not-no-code's killer use case. Rails, Django, et al. nailed this a loooong time ago.

What if Builder finally solved auth for no-code?

Let's write plugins to seamlessly integrate with Auth0, Okta, Memberstack, Outseta. Rich and robust authorization flows in each case, being able to granularly select which content can be accessed via web and our API's with a proper RBAC mechanism. Sessions are set using SameSite/HttpOnly/Secure cookies. Maybe we need to develop some extra stuff in addition to plugins, but I think that a few plugins + some function models could potentially do the trick.

Webflow + Memberstack doesn't solve any of this, and unless for Memberstack 2.0 (launch imminent) they have deeply integrated with Webflow, I don't know how they will. Current Memberstack gates content with client-side auth, e.g., client-side JS checks the JWT for scopes and blanks the screen if you don't have the required scope. Obviously not good enough for sensitive use cases and doesn't handle any kind of programmatic API usage.

AFAIK, we would be the first to market with a robust auth solution for no-code.

  • Attach files
  • Ersin
    Reply
    |
    Dec 8, 2021

    Related (social logins): https://ideas.builder.io/ideas/PROD-I-22