Q: Is it possible to use AuthRocket with a static website (no database)?
A: Sure. To do so, you’d want to use our LoginRocket feature for both logins and signups (unless you plan to pre-create all users directly through our management UI).
Then, you can use a Javascript JWT library to decode the login token. The decoded token includes some user info, like name and email, which you can then use on the site. Either decode the JWT in unverified mode, or use RS256 verification instead. (With the default, HS256, it is not safe to expose your JWT Secret. Doing so will create a security vulnerability.)
If you need more complex functionality, like storing and retrieving custom data from the user record, then you’ll need to have a backend webserver that can talk securely to our API. Technically speaking, your backend server still doesn’t have to have a database, but it would be a dynamic (non-static) website.
Tagged with: loginrocket
jwt
Questions? Find a Typo? Get in touch.
Related articles:
Connecting Existing User Data
Limits on Simultaneous User Sessions
User Impersonation
Returning a JWT with Updated User and Org Data
Using AuthRocket with a Static Website
Getting Memberships when Authenticating a User
Making User Login Easier and Faster
Super Users and Support Agents
Create a Session without User Intervention
What is Inside a Login Token?
User Management Permissions
Testing API Calls
Retrieving Permissions
Encoding Extended Information into a JWT
Nesting Permissions