Authentication and authorization systems cannot be fully enforced on the client. The wrdauth JS api is intended to ease integration into websites, but you should not rely on eg the 'wh-wrdauth--isloggedin' class to hide sensitive information from users who are not logged in.
Please note that the wrdauth JS api cannot access the real login cookies - these are all marked as 'HttpOnly' to prevent the cookies from escaping in a XSS attack.
WRD authentication APIs
- OBJECT FUNCTION GetWRDAuthPlugin(STRING url, RECORD options)
Get the authentication plugin for the specified url
- OBJECT FUNCTION GetWRDAuthUserAPI(OBJECT wrdschema)
Get the user API of a WRD schema
- OBJECTTYPE WHUserApi
Webhare user API object
- OBJECTTYPE WRDAuthSupportBase
- OBJECT FUNCTION GetWRDAuthPages(OBJECT webdesign, RECORD options)
Implement standard login/passwordreset etc pages