Provide user authentication information on 'account.create' event

[gwesterman]

🚀 Feature

I'm trying to achieve the following: When a user creates an account I want the verification email to be sent by a server side function and not from within the client side callback.

Have you spent some time to check if this issue has been raised before?

I've used Google and discussed the issue with @eldadfux on Discord. As far as I can tell this has not yet been proposed or discussed.

Have you read the Code of Conduct?

Yes.

Pitch

For this to work one needs to set a valid JWT for the user inside of the function. The JWT is provided through the 'APPWRITE_FUNCTION_JWT' environment variable.

Currently the 'account.create' event does not set this variable since the user it not authenticated when account.create() is called.

Here's the code I'm deploying as a function:

const sdk = require('node-appwrite');

let client = new sdk.Client();

client
.setEndpoint(process.env.APPWRITE_ENDPOINT)
.setProject(process.env.APPWRITE_FUNCTION_PROJECT_ID)
.setJWT(process.env.APPWRITE_FUNCTION_JWT);

const account = new sdk.Account(client);

account.createVerification('http:https://localhost:4200').then(response => {
console.log('createVerification success', response);
}, (error ) => {
console.error('createVerification error', error);
})

Currently process.env.APPWRITE_FUNCTION_JWT is 'null'.

This can also come in handy in other scenarios.

[TorstenDittmann]

As of right now, we are only passing the JWT if the function was executed by the user itself. But I can understand how in this particular case it could be really beneficial.

This is also where the problem is then - it would be completely out of the ordinary and wouldn't follow any structure to have a JWT with only this call by an event.

Can you think of any more events where this might be nice to have? Maybe all account events? 🤔

[rdmchr]

How much trouble would it be to pass the JWT for each event? I feel like that would be the most consistent and easy to understand. Also having that JWT always accessible doesn't do any harm, does it?

[sammichael25]

As of right now, we are only passing the JWT if the function was executed by the user itself. But I can understand how in this particular case it could be really beneficial.

This is also where the problem is then - it would be completely out of the ordinary and wouldn't follow any structure to have a JWT with only this call by an event.

Can you think of any more events where this might be nice to have? Maybe all account events? 🤔

Agreed, I'm currently trying to conduct email verification checks using the on session create event to trigger a function but the JWT isn't set. Having the JWT available for all account events could help other use cases too.

[stnguyen90]

In Appwrite 1.5, it's now possible to create a session for a user server-side so you can do this and then have a session to call the account.createVerification() method.