How can a Losant User - use an experience view

#1

Hi

I have some custom dashboards I would like to build for Losant users - not experience users.
It would seem an experience view would be the best mechanism, however there doesn’t appear to be away to allow real Losant users to be authenticated to access the Experience View.

Am I missing something here ?

Thanks

Tim

#2

So, here are some assumptions I’m making given your original question …

  • The “custom dashboards” you refer to are actual Losant dashboards, and not custom visualizations you’re building on your own in an experience view.
  • “Losant users” in this case are people in the real world who have a Losant account - and those users are NOT already members of your organization (for if they were, they would already have a login mechanism to view these dashboards).

Given those assumptions, and your stated desire to not use experience users and pages as your authentication mechanism (side note: I’d like to hear why if you don’t mind), there are two approaches you can take:

  1. Invite these users to the organization that owns the dashboard(s) and, using our new granular permissions functionality, give them “None” as a default permission for the org and “View” (or whatever level you want) permissions for the dashboard(s) in question.
  2. Make your dashboards password-protected. This doesn’t really use Losant users as the login mechanism, but you could distribute the password to anybody out there - experience users, Losant users, people who are neither.
#3

Hi Dylan.

I should have written “custom visualisations”, so sorry the first assumption is wrong.
In addition the second assumption is also incorrect :wink:

So I want real world Losant account holders in the current organisation to access a “custom visualisations” implemented using Experience pages.

At the moment I can’t view the endpoint/views as I am not authenticated for the experience.

Thanks

T

#4

HI Dylan.

So I gave you insufficient info in the original question and I am actually asking for the opposite of what you assumed :wink:

ie they are an organisation member, and I want to build a custom visualizations in an experience view.

Can this be achieved?

I find because I am not an experience member I don’t have permission to access the endpoints.

Am I missing something ?

Thanks

Tim

#5

There is one thing you could do to allow Losant users to authenticate against your experience endpoints …

In the workflow that handles your users submitting login credentials, instead of using an Authenticate Experience User Node and sending their email and password to that, you could use an HTTP Node to send their credentials to the Losant API Authenticate User endpoint, and if the login is successful, you can create an experience user for that individual (if the experience user doesn’t already exist) and issue an experience token in response. This essentially turns Losant into an OAuth provider for your application experience.

What I don’t like about this approach is that this would be exposing these Losant users’ tokens - and possibly their passwords - if somebody were watching the workflow debug log as one of those requests came in.

#6

Hi Dylan

That is a bit of a pain and potential security issue.

For us we are unlikely to ever use experience views, but the ability to create custom visualisations is becoming important.

Can you suggest an alternate way that we might approach building custom visualisations for true Losant users or is what you have suggested the best path forward ?

Thanks

Tim

#7

Another approach I thought of was allowing Losant Auth to be used to verify Webhooks. Then we could host files, and the webhooks they call could be tied to Losant user auth. At the moment thats not possible.

Just thinking out loud at the moment.