signInWithToken
- Token Authentication
- Type:
(token: string) => void
- Description: Core authentication function that sets the
pb_auth
cookie. All other authentication methods (signInWithPassword
,registerWithPassword
,signInAnonymously
) internally use this function to set the cookie.
Basic Usage
<%
// Set authentication using a token
signInWithToken('your-auth-token-here')
redirect('/dashboard')
%>
Cookie Management
This is the only function that directly sets the pb_auth
cookie. Other authentication methods work like this:
// How signInWithPassword works internally
function signInWithPassword(email: string, password: string) {
// 1. Authenticate with PocketBase
const authData = pb.collection('users').authWithPassword(...)
// 2. Use signInWithToken to set the cookie
signInWithToken(authData.token)
return authData
}
Common Use Cases
OAuth Flow Completion
<%
// After receiving token from OAuth provider
const token = params.token
if (token) {
signInWithToken(token)
redirect('/dashboard')
} else {
redirect('/login?error=missing_token')
}
%>
Custom Authentication Flow
<%
if (request.method === 'POST') {
try {
// Custom authentication logic
const response = await customAuthProvider.authenticate(formData)
if (response.token) {
signInWithToken(response.token)
redirect('/dashboard')
}
} catch (error) {
%>
<div class="error">
Authentication failed: <%= error.message %>
</div>
<%
}
}
%>
Important Notes
Cookie Management: This function:
- Is the core cookie-setting function used by all auth methods
- Sets the
pb_auth
cookie with the provided token - Does not validate the token
- Does not fetch the user record
Security Considerations:
- Always validate tokens before using them
- Use HTTPS in production
- Consider token expiration
- Protect against CSRF attacks
Usage Context: Typically used:
- After third-party authentication
- In custom authentication flows
- When implementing token refresh logic
- Internally by other auth methods