
External Scheme

File Information

  • Path: schemes/external.js
  • Purpose: Authentication scheme for external/guest users
  • Strategy Name: external

Overview

The External Scheme provides authentication functionality for external/guest users who have limited access to upload files or access shared assets. It handles OTP-based authentication, workspace restrictions, and limited session management.

Key Features

  1. OTP Authentication

    • OTP code verification
    • Email-based authentication
    • Session creation
    • Limited access grant
  2. Workspace Restrictions

    • Single workspace access
    • Workspace validation
    • Access expiration
    • Upload limits
  3. Limited Session

    • Temporary sessions
    • Session expiration
    • Restricted permissions
    • Workspace-bound access
  4. Token Management

    • Limited token storage
    • Token expiration
    • Workspace-specific tokens
    • Session cleanup

Scheme Methods

mounted()

Called when the auth module is mounted:

  • Initializes scheme
  • Validates external user session
  • Checks workspace access
  • Validates session expiration

login(endpoint, data)

Handles external user login:

  • Verifies OTP code
  • Creates limited session
  • Stores workspace context
  • Sets access permissions
  • Returns user data

Parameters:

  • endpoint (Object): Login endpoint configuration
  • data (Object): OTP verification data
    • otp_code (string): OTP code
    • email (string): User email
    • workspace_id (number): Workspace ID

Returns: Promise resolving to external user object

logout(endpoint)

Handles external user logout:

  • Sends logout request
  • Clears session
  • Clears workspace context
  • Redirects to request access page

Parameters:

  • endpoint (Object): Logout endpoint configuration

Returns: Promise

fetchUser(endpoint)

Fetches external user data:

  • Validates session
  • Checks workspace access
  • Returns user data
  • Validates expiration

Parameters:

  • endpoint (Object): User endpoint configuration

Returns: Promise resolving to external user object

reset()

Resets authentication state:

  • Clears session
  • Clears workspace context
  • Resets auth state

External User Object

javascript
{
  id: 890,
  email: "[email protected]",
  name: "External User",
  workspace_id: 123,
  access_type: "upload",
  expires_at: "2024-12-31T23:59:59Z",
  upload_limit: 10,
  is_external: true
}

API Endpoints

Verify OTP and Login

  • Endpoint: POST /external/verify-otp
  • Request Body:
    json
    {
      "otp_code": "123456",
      "email": "[email protected]",
      "workspace_id": 123
    }
  • Response:
    json
    {
      "token": "external_access_token",
      "user": {
        "id": 890,
        "email": "[email protected]",
        "workspace_id": 123,
        "access_type": "upload",
        "expires_at": "2024-12-31T23:59:59Z"
      }
    }

Logout

  • Endpoint: POST /external/logout
  • Request: Includes authentication token
  • Response: Success confirmation

Get External User

  • Endpoint: GET /external/user
  • Request: Includes authentication token
  • Response: External user object

Access Restrictions

External users have restricted access:

  • Single Workspace: Can only access assigned workspace
  • Limited Permissions: Upload-only or view-only access
  • Expiration: Access expires after set time
  • Upload Limits: Limited number of uploads
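
The four restrictions above can be checked in one place before an external route renders. The sketch below is an added example, not code from schemes/external.js or the External Middleware; checkExternalAccess, the route object shape (workspaceId, requiredAccess) and the uploadsUsed counter are hypothetical names assumed for illustration, while the user fields are those of the External User Object.

```javascript
// Added example: checkExternalAccess, the route shape and uploadsUsed are hypothetical.
// Fails closed: any missing or malformed field denies access.
function checkExternalAccess(user, route, now = Date.now()) {
  // Route params arrive as strings ("123") while the user object holds a number.
  // Accept only a plain positive integer so "123abc" or "//host" never matches.
  const routeWs = /^[1-9]\d*$/.test(String(route.workspaceId))
    ? Number(route.workspaceId) : NaN;
  const deny = (reason) => ({
    allowed: false,
    reason,
    // Build the redirect only from the validated ID, never from raw route input.
    redirect: Number.isInteger(routeWs) ? `/${routeWs}/external/request-access` : null,
  });

  if (!user || user.is_external !== true) return deny('not_external');
  if (!Number.isInteger(user.workspace_id) || routeWs !== user.workspace_id) {
    return deny('wrong_workspace');
  }

  // Date.parse returns NaN for a missing or malformed timestamp; NaN must deny.
  const expiresAt = Date.parse(user.expires_at);
  if (Number.isNaN(expiresAt) || expiresAt <= now) return deny('expired');

  if (user.access_type !== route.requiredAccess) return deny('access_type');

  // uploadsUsed is an assumed counter; the page documents only upload_limit.
  if (route.requiredAccess === 'upload') {
    const used = route.uploadsUsed;
    if (!Number.isInteger(used) || !Number.isInteger(user.upload_limit) ||
        used >= user.upload_limit) {
      return deny('upload_limit');
    }
  }
  return { allowed: true, reason: null, redirect: null };
}

// Constructed sample, using the values from the External User Object section.
const sampleUser = {
  id: 890, workspace_id: 123, access_type: 'upload',
  expires_at: '2024-12-31T23:59:59Z', upload_limit: 10, is_external: true,
};
```

A client-side check like this only decides what the page shows; the API behind the /external endpoints has to enforce the same workspace, expiration and upload limits for each token.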

Usage Examples

OTP Login

javascript
// In component
try {
  const response = await this.$auth.loginWith('external', {
    data: {
      otp_code: '123456',
      email: '[email protected]',
      workspace_id: 123
    }
  })
  // External user logged in
  this.$router.push('/external/upload')
} catch (error) {
  // Handle login error
  this.$snackbar.error('OTP verification failed')
}

Check External User

javascript
// In component
if (this.$auth.loggedIn && this.$auth.user.is_external) {
  const workspaceId = this.$auth.user.workspace_id
  const accessType = this.$auth.user.access_type
}

Logout

javascript
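// In component
// Read the workspace ID before logout(); the user object is cleared afterwards
const workspaceId = this.$auth.user.workspace_id
await this.$auth.logout()
this.$router.push(`/${workspaceId}/external/request-access`)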

Integration Points

  • External Verify Page: Uses login method
  • External Upload Page: Checks external user status
  • External Middleware: Validates external access
  • External Uploads Mixin: Workspace validation

Notes for Development

  • Scheme extends auth-next base
  • Workspace validation required
  • Session expiration enforced
  • Limited permissions
  • Workspace-bound access