Document magic login authentication flow and troubleshooting

[Copilot]

The magic login system lacked documentation, causing confusion about how wott_* tokens are validated and why links redirect to login forms instead of auto-authenticating.

Changes

Inline documentation in plugins/wasmer.php

• Added PHPDoc for wasmer_graphql_query() and AdminerWasmer class
• Documented 7-step authentication flow: token extraction → GraphQL query with Bearer auth → backend validation → credential retrieval → security checks → auto-login
• Added inline comments explaining each step of the authentication process

README magic login section

• Authentication flow: Token sent as Bearer auth to WASMER_GRAPHQL_URL, validated server-side by Wasmer's GraphQL API (not stored locally)
• Environment variables: WASMER_GRAPHQL_URL (required), WASMER_APP_ID (optional security restriction)
• Troubleshooting: 5 common failure scenarios - missing env vars, expired tokens, unauthorized access, app ID mismatch, CORS errors

Code quality

• Fixed PHP short tags (<? → <?php) for consistency with codebase

Key architectural detail

The wott_* token is validated server-side via GraphQL API call, not stored locally. Magic login fails when:

• WASMER_GRAPHQL_URL is missing or incorrect
• Token is expired or lacks database access
• WASMER_APP_ID is set but doesn't match the database's app

// Token used as Bearer authentication to fetch credentials
$responseData = wasmer_graphql_query($url, $query, $variables, $authToken);

// Credentials auto-injected into Adminer's auth system
$_POST["auth"] = array(
    "server" => $server,
    "username" => $nodeData["username"],
    "db" => $nodeData["name"],
    "password" => $nodeData["password"],
);

View original Slack conversation

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.