Hi,
App has Things called “Companies” and “Users” and Users need a ‘code’ to sign up as part of a Company. This code is saved to the Company Thing and can be reused (i.e., multiple new Users can use it to sign up as part of the same Company).
Currently the code has no Privacy protection and I can verify it easily via simple workflows, but I’m aware the code can be found at runtime using Chrome’s developer tools. So I’d like to shift this to a backend workflow.
Assuming the User and Company already exist in the database, and the invite ‘code’ is saved to the Company (now with a privacy rule preventing anyone from seeing it), how do I actually ‘rebuild’ the workflow in the backend to:
- Securely validate that the User’s input matches the Company’s ‘code’
- Return the result of that validation to the frontend so messages can be displayed and the user directed to the appropriate next step
I’ve seen a couple posts from several years ago attempting a similar result, but did not see a clear solution. Hoping someone can point me in the right direction.
Also, to be clear, this is not taking the place of a user’s password or anything–this is simply an additional step in the signup flow that must be completed before the user can log in.
Thanks in advance for any guidance.
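
The two steps asked about above (compare the submitted code on the server, then return only a result to the frontend), sketched as an added example that is not part of the original post and does not use any Bubble API. The function name, the in-memory `COMPANIES` store, the sample code value and the attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac

MAX_ATTEMPTS = 5  # assumed limit on consecutive failures per (client, company)

# Constructed sample data standing in for the Company records. It lives only
# on the server and is never serialized into a response.
COMPANIES = {"acme": {"invite_code": "J7Q4-ZK92"}}
_failed = {}  # (client_id, company_id) -> consecutive failed attempts


def _digest(value: str) -> bytes:
    # Hash both sides so compare_digest always sees equal-length byte strings.
    return hashlib.sha256(value.encode("utf-8")).digest()


def validate_invite_code(client_id: str, company_id: str, submitted: str) -> dict:
    """Return a status the frontend can branch on; never the stored code."""
    key = (client_id, company_id)
    if _failed.get(key, 0) >= MAX_ATTEMPTS:
        return {"valid": False, "reason": "too_many_attempts"}

    company = COMPANIES.get(company_id)
    # Unknown companies still go through the comparison, so the response and
    # the work done do not reveal whether the company exists.
    stored = company["invite_code"] if company else ""
    match = hmac.compare_digest(_digest(submitted.strip()), _digest(stored))

    if company is not None and match:
        _failed.pop(key, None)  # reset the counter on success
        return {"valid": True, "reason": "ok"}

    _failed[key] = _failed.get(key, 0) + 1
    return {"valid": False, "reason": "invalid_code"}


if __name__ == "__main__":
    print(validate_invite_code("browser-1", "acme", "guess"))
    print(validate_invite_code("browser-1", "acme", "J7Q4-ZK92"))
```

The frontend only ever receives `valid` and `reason`, so nothing visible in the browser's developer tools contains the stored code; the attempt counter is what keeps a reusable code from being guessed through repeated calls.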