How to secure a Vercel-hosted React OpenAI chat during model training?
We will be hosting a Vercel instance of a React front end for an OpenAI chat. The chat must absolutely be secured from unauthorized access during model training. Is Memberstack appropriate for this?
If not, what is the recommendation?
Subsequent to model training, public engagement with the model needs to be integrated as Memberstack gated content for our investor, partner, and client base across multiple domains. I understand (I am not a developer) that Memberstack integrates with React at a deeper level than, for example, Webflow.
We have had the React front end for OpenAI model training, and the cross-domain login for Memberstack users across unrelated subdomains/domains, as separate projects until now. Prior advice here was to handle login/logout/gated access through a third-party server; we've got Google Cloud set up, but since we are moving to Vercel/React for the OpenAI model, our overall digital footprint moving from Webflow to Vercel is now accelerated.
Properly speaking that means we're not developing anything new on Webflow any longer and are focusing on transition to Vercel over time. Part of that transition means that Memberstack suddenly has a new home for us; is it possible in the Vercel/React environment to achieve the cross-domain login/logout/gated content UX we're looking for, in a more robust and integral manner?
Those are the kinds of questions we're looking for here: experts in the Memberstack/React/Vercel confluence.
I need to have some intelligent preparatory discussions with SMEs on these matters. My thanks in advance for any who can assist with recommendations as we commence this planning.
Comments
According to the docs, cross-domain login is possible, as long as you're using the same Memberstack app ID in your different sites.
https://docs.memberstack.com/hc/en-us/articles/18004875142555-Enable-Cross-Domain-Login-with-Memberstack
I've seen that and it will solve some of what we want to do. We have some other domains (not subdomains) where we want someone to land and be logged in.
Do you have any guidance on essentially taking that session and applying it somewhere else, avoiding another login? The Dom library docs examples show how to get user data, not so much session information we can pass around.
Our main site (Webflow) has the authentication, but as mentioned above we have a more sophisticated application on another platform that needs to be gated.
For now, having our users reauthenticate using the standard libraries and methods could work, but that will not work long term.
Uhmm, natively there's no way to do it for different root domains. It's because of browser security policies that cookies are not shared to different domains.
You could try to insert the JWT token in a different cookie with a different domain.
I was thinking it would need to be something like that.
What part of the libraries exposes that to be used?
When you log in, the JWT is stored in localStorage by default, or in a cookie if you set it up. You can also call $memberstackDom.getMemberCookie() to get the value of the token.
Very good, that gives me something to work with.
Yes. Thank you!
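Added example, not part of the thread and not Memberstack code: a small model of the RFC 6265 cookie domain-match rule, showing why a session cookie reaches subdomains of one root domain but never an unrelated root domain, and why a browser drops a cookie whose Domain does not cover the host that set it. All host names are constructed sample values, and the public-suffix check that real browsers also apply is not modelled.

```javascript
// Added illustration: cookie scoping per RFC 6265 (domain-match, section 5.1.3).
// All host names below are constructed sample values.

// True if `host` domain-matches `domain` (identical, or a dot-separated suffix).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Would a browser accept a cookie with this Domain attribute from `settingHost`?
// An empty attribute yields a host-only cookie, which is always accepted.
function browserAccepts(settingHost, domainAttr) {
  return !domainAttr || domainMatch(settingHost, domainAttr);
}

// Build the stored form of a cookie, or null when the browser rejects it.
function storeCookie(settingHost, domainAttr) {
  if (!browserAccepts(settingHost, domainAttr)) return null;
  return domainAttr
    ? { domain: domainAttr.toLowerCase().replace(/^\./, ""), hostOnly: false }
    : { domain: settingHost.toLowerCase(), hostOnly: true };
}

// Would a stored cookie be attached to a request for `requestHost`?
function cookieSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  if (cookie.hostOnly) return requestHost.toLowerCase() === cookie.domain;
  return domainMatch(requestHost, cookie.domain);
}

// Constructed scenario: login on www.example.com, app on app.example.com,
// second property on the unrelated root domain example.org.
function demo() {
  const shared = storeCookie("www.example.com", "example.com");
  const foreign = storeCookie("www.example.com", "example.org");
  return {
    subdomainGetsCookie: cookieSentTo(shared, "app.example.com"),
    otherRootGetsCookie: cookieSentTo(shared, "www.example.org"),
    foreignCookieStored: foreign !== null,
  };
}

console.log(demo());
```

A cookie for the second root domain therefore has to be set by a response served from that domain, which should validate the token server-side before issuing it.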