Add Account managment #188
Comments
lane711
added
enhancement
|
Would implementing with Lucia make sense? |
|
Yes! This looks perfect for out needs at this stage. Thank you for making
us aware of this
…On Thu, Aug 17, 2023 at 5:00 PM Corey Jepperson ***@***.***> wrote:
Would implementing with Lucia make sense?
https://lucia-auth.com/database-adapters/cloudflare-d1
https://github.com/pilcrowOnPaper/lucia
—
Reply to this email directly, view it on GitHub
<#188 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABBGCC3OSRBPYPTJ65M5E4TXV2WBBANCNFSM6AAAAAA2RZQKOQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I see there is an implementation in progress. Would it make sense to integrate with Zero Trust from CloudFlare for authentication purpose? Just a thought to keep things in the CloudFlare stack of possibilities? I do see taht the Lucia library also would use D1 which makes it also Cloudflare only 👍. |
|
thx @chrisspiegl I actually haven't looked into Zero Trust, but thanks for making me aware. I'll check it out |
|
I just setup Zero Trust myself for a few things and it's really fascinating how powerful it is. As far as I understand it, it would not support any way to have people register an account for themselves… but for the type of content management Sonic is supposed to do, I believe a manual "admin adds you to the allowed users" would be perfectly fine (or give access to all email addresses ending in @your-company.com). Zero trust can be easily setup to completely block access to any domain (and path) on the cloudflare network. And it has built in auth methods which you then do not have to worry about at all. Making it very flexible & basically a "no code" implementation for Sonic to just be behind a login system that's on Cloudflare anyways. I am kind of excited about the possibilities & especially the possibility to have less / no code on my end when using Zero Trust 👍. |
|
@chrisspiegl this sounds great. So would we still store user account info in our D1 database or is that managed too? I'll have to dive into this once time permits. |
|
@lane711 the user information is completely stored in Zero Trust and one can activate a handful of auth providers (where you have to then have your own app registrations with). Things like Facebook, Google, GitHub, etc. are supported out of the box. The one thing I don't know at this point (because up to this point I did not care) is: if it is possible to then "relate a user login to a content piece". But if it's just for "certain people can get access" type thing… that is definitely possible with Zero Trust. |
This will expand on:
#185
Add full account management:
The text was updated successfully, but these errors were encountered: