Authentication based on third parameter (user type) in addition to username and password

I'm trying to figure out how to authenticate users based not only on their username/password, but also verify their user type.

Imagine I have 2 user types, "provider" and "recipient" for example. I want to have a toggle on the log-in (startscreen) for the user to select if they are a "provider" or "recipient". If they select "provider" then the authentication should check the username/password AND confirm their user type in the database (I've added a "userType" column to the 'Users' table). If they are trying to log in to the wrong user type, I want to display a "wrong usertype" error or popup.

Here's what I think needs to be done:

1- Assign toggle values: "provider" and "recipient"

2- Upon clicking "log in" button, the "loginService" is invoked, AND I want to invoke a RESTservice to save the corresponding userType to a local storage variable (grabbing it from the Users table on the db).

3- For the service loginService, upon Success I have should run a javascript to check if the local variable value (which was obtained from the userType column in the Users table) is equal to the toggle value. If yes, then access is granted (navigate to appropriate page), if not "wrong usertype" popup.

My question is: does this seem like a feasible approach? How would I grab the userType from the db table and save it to the local variable? Lastly, any ideas on what the javascript to check if the user types match and proceed accordingly will look like?

As always, thank you in advance for any input/advice!!
1 person has
this question
+1
This topic is no longer open for comments or replies.
  • Hi Jon,

    At first you need to know that this third parameter could not be as part of primary key for Users collection. That means - in your Users collection could be just one user with username "aaaa". So you can not have user "aaaa" as "provider" and other one user "aaaa" as "recipient".

    I can suggest you two solutions:

    1 Use as "username" - combination with "realusername" + "role". In this case you will have users with username "Jon_provider", and "Jon_recipient". So every time user selects in login form two fields(username and role) you should combine them in single value and use combined value to login.

    2 The second way - login with user provided credentials, then get user details and compare selected "role" and "role" from user details. If these "roles" are equal - login - success, and not success in other case. (note: in this case you can not have the same users for different role).

    Regards
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated

  • Thank you Yurii!
    That's exactly what I was looking for.

    I like the first approach (very clever), but I prefer the second so the user only has one account profile to deal with, even for both types.

    I think I can have the same users with both roles if I either make the userType an array (instead of a string), or I can keep it a string and there would be 3 possibilities: 'provider', 'recipient', 'both' (or 1, 2, and 3)... If this person's userType is "both", then they will be logged into whichever screen corresponds to the toggle.

    I'll try this approach today.
    Thanks again for pointing out this limitation as something to think about!
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. indifferent, undecided, unconcerned happy, confident, thankful, excited kidding, amused, unsure, silly sad, anxious, confused, frustrated