Skip to main content
Version: 2.0.0

Login Method

The Login Method for Permit Elements is a simple and secure way to embed Permit Elements into your application.

Overview

Before showing the Permit Element in your application, you need to log in the end-user. In order to login you'll first need to decide which login method you want to use. There are two main ways to login a user to the Permit Element:

  1. 🌏 Client-side Login - This is used when you want to log in a user from your frontend application - this is the most common way to log in a user.

  2. ⚙️ Server-side Login - This is used when you want to log in a user from your backend server - You can choose between Cookies, Bearer Token or Custom Headers login methods.

Here's a diagram to help you understand the flow of the login process:

Login Method Flow

⚙ Server-side Login method

In the server side, We have the permit.elements.loginAs() method takes two parameters. You need to pass in the unique userId that your end-user has in Permit.io, and a Tenant Key or ID. Passing in the tenant is compulsory when logging in a user server-side.

permit.elements.loginAs({ userId, tenant });
IMPORTANT

The user must belong to the tenant in order to login. Otherwise, the user will get an error saying USER_NOT_FOUND.

If the user want to change tenant, the user will have to log-out, and then log-in to a different tenant.

Initializing Permit

To use the Permit SDK, you need to initialize it with your API key. You can find your API key in the Permit.io dashboard.

from permitio import Permit
const { Permit } = require("permitio");
const permit = new Permit({token: "<YOUR_API_KEY>", ...});

Use the loginAs function

You need to create a route in your backend server to allow your client to loginAs themselves and get access the Permit Element.

The backend loginAs route is matched based on the Authentication methods you have implemented inside your App. Most applications authenticate with the Bearer Token or Cookies, but we also allows you to use any other HTTP Security Header. The important part here is, that you use the appropriate code example below based on your Authentication method.

const express = require("express");
 const app = express();
 app.get("/login_cookie", async (req, res) => {
     // const user_key = get_user_from_jwt();
     const ticket = await permit.elements.loginAs({userId: user_key, tenantId: TENANT});
     res.status(302).redirect(ticket.redirect_url);
 });
 app.listen(port, () => {
   console.log(`Example app listening at http://localhost:${port}`);
 });

Setup The Client-side Login

Next you need to setup the client-side login method to log in the user to the Permit Element - follow the instructions below.

🌏 Client-side login method

In the client side, you need to call the permit.elements.login() method from "Permit-JS" SDK to log in the user. This function is used to log in the user to the Permit Element

Install Permit-js

Once you have your application ready, you need to install Permit-JS SDK. This gives you access to our prebuilt embeddable Element components.

Run the following command to install the Permit-js SDK in your project:

npm install @permitio/permit-js

In the client side, you need to call the permit.elements.login() function to log in the user.

This function will use the Server-side endpoint you created in the previous step (if you are using the Server-side login method).

permit.elements.login({
    loginUrl: 'https://your_app_url.com/login_cookie',
    tenant: 'your_tenant_key',
    token: '<TOKEN>',
    loginMethod: LoginMethod.bearer
}).then((res: any) => {
    //optional handle success
}).catch((err: any) => {
    //handle error
});

There are few things that need to be configured here:

  1. loginUrl - The URL that corresponds to your Server-side login route you created in the previous steps.
  2. loginMethod - The login method you are using (cookie, bearer, headers, frontendOnly)
  3. tenant (Optional) - Required for frontendOnly login method. the name of the tenant that the user is part of, you can set it at your backend as well.
  4. token (Optional) - Required for bearer token login method, you need to pass the token here.
  5. headers (Optional) - Required for custom headers login method, you need to pass the headers here.
  6. userJwt (Optional) - Required for frontendOnly login method, you need to pass the user JWT here.
  7. envId (Optional) - Required for frontendOnly login method, you need to pass the Permit.io Environment Key or ID here.
tip

We recommend to place the login close the the user's authentication part, after the user's identity confirmed by the Authentication provider you are using, but just before the Permit.io Element is loaded.

Use The login Method

There are 4 supported login options choose the one that you are using in your backend.

The loginMethod here should be set to: LoginMethod: LoginMethod.cookie.

permit.elements.login({
    loginUrl: 'https://your_app_url.com/permit_login,
    tenant: 'your_tenant_key'
}).then((res: any) => {//optional handle success
 }).catch((err: any) => {//handle error
});

After you run login successfully you will get a cookie called permit_session which will allow you to load your Permit Element securely and successfully.

Client-side logout method

This function should be called along with the logging-out logic that you have within your App, to make sure the user does not continue to have access to the Permit Element.

This logout method should be called as part of the logic of logging your user out with your authentication solution.

permit.elements.logout();

Login Errors

There are a few possible errors you might find yourself come across while working with the embedding of Permit Elements.

ErrorDescription
USER_NOT_FOUNDThis error can appear if you are trying to log in as a particular user, but that user does not exist within Permit. You can also experience this login error when you are trying to login a user into a tenant that he does not belong to.
TENANT_NOT_FOUNDThis error can appear when you are passing in a tenant, either in the frontend permit.elements.login function, or in your backend URL endpoint, where the tenant has not been created in Permit.
INVALID_PERMISSION_LEVELThis error will emerge when you are trying to access part of the Element which you have not been given access too.

Contents