Suppose I do not wish to have an actual member area on my site/web app. I do not want to collect any kind of personally identifiable information for the CRM & Site Member section. Instead I authorize the user login via an SSO and on a successful authorization I store a session/user ID (which is returned by the SSO either as a URL parameter or some other method) using the session storage.
On my database everything is set to 'Admin Only' but I have a column called 'User ID' which will contain the same ID from the browser's session/user ID which I have stored. I run a backend query using suppressAuth for the find() parameter and retrieve all items whose 'User ID' column matches the browser's session/user ID and return it to the page. That's it.
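The lookup described above trusts whatever ID the browser sends, and the backend cannot tell whether that ID is the one the SSO issued. As an added example that is not part of the original post, this plain Node.js sketch puts that lookup beside a variant keyed on a backend-signed token. The in-memory `ITEMS` array stands in for the 'Admin Only' collection, and `SERVER_KEY`, the function names and all IDs are constructed assumptions.

```javascript
// Added example (plain Node.js, not Wix Velo code). ITEMS stands in for the
// 'Admin Only' collection; the key and every ID are constructed sample values.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SERVER_KEY = 'constructed-demo-key'; // assumption: secret known only to the backend
const ITEMS = [
  { userId: 'u-1001', note: 'records for u-1001' },
  { userId: 'u-1002', note: 'records for u-1002' },
];

// Pattern from the post: a privileged query filtered by an ID the browser supplies.
function findItemsTrustingClient(userIdFromBrowser) {
  return ITEMS.filter((item) => item.userId === userIdFromBrowser);
}

// The backend issues this once, after it has itself validated the SSO response.
function issueSessionToken(userId, ttlMs = 15 * 60 * 1000, now = Date.now()) {
  const body = JSON.stringify({ userId, exp: now + ttlMs });
  const payload = Buffer.from(body).toString('base64url');
  const mac = createHmac('sha256', SERVER_KEY).update(payload).digest('base64url');
  return `${payload}.${mac}`;
}

// Returns the userId only if the MAC matches and the token has not expired.
function verifySessionToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const expected = createHmac('sha256', SERVER_KEY).update(parts[0]).digest();
  const given = Buffer.from(parts[1], 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const { userId, exp } = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    return typeof userId === 'string' && now < exp ? userId : null;
  } catch {
    return null;
  }
}

// Hardened variant: the filter value comes from the verified token, never from the caller.
function findItemsForToken(token, now = Date.now()) {
  const userId = verifySessionToken(token, now);
  if (userId === null) throw new Error('invalid or expired session');
  return ITEMS.filter((item) => item.userId === userId);
}
```

With the token variant the browser still stores one opaque string, but changing it invalidates the MAC, so the backend rejects the request instead of running the privileged query.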
Thx for sharing that technique. I never thought of it. This might only have some issues if you want to work with Wix apps that use the member/CRM system to keep track of users. Other than that I don't see any flaws (but I'm not a security expert at all!).