Rebuild authentication (remove Auth0) #16
Comments
Shpigford
added
help wanted
🚨 Urgent
|
@Shpigford I'm happy to take this one and add AuthJS instead of Auth0 |
|
@cbnsndwch i'm completely ignorant on auth solutions for Next. Is AuthJS the most common solution? |
|
It's what the cool kids use yeah. I'm also happy to replace it with a self-hosted open source OAuth2 server but that would require running a separate container. If that would be OK, I recently migrated my app from Auth0 to LogTo https://logto.io |
|
Gotcha. AuthJS it shall be! Let me know if you need anything to tackle that. |
|
Initially clarification on this from the docs you linked to:
Are we keeping Redis/Bull? |
|
i have no preference other than keeping dependencies to a minimum. |
|
So, what should auth0 be replaced by? I haven't yet went through the code, but the general way to go is to use passportjs with jwt auth. |
I have no preference other than not using any external service and keeping dependencies to a minimum. |
|
Alright then, can you assign this to me? I'll go through the codebase and will let you know my thoughts in here. |
|
I believe @cbnsndwch may have already begun some work on it. At this stage won't explicitly assign to someone until there's at least a cursory game plan in place based on code review. |
|
Oh okay! In that case I might be able to do a collab in case @cbnsndwch feels so, or take it up in case no one's working on it. |
|
This is open source app and we should go for open source only then. I agree with @rajdip-b use passportjs with jwt. This is good and simple |
|
What's the benefit of it over AuthJS, as recommended by @cbnsndwch? |
|
AuthJS is designed to be used with only Nextjs and serverless whereas PassportJS is best fit for express apps |
|
We're pretty deep into Nextjs, so seems AuthJS makes the most sense. |
|
If you are moving towards NextJS, then AuathJS is good. But the server I see in the codebase is based on express? |
|
Ultimately moving towards NextJS |
|
So you are planning to move your backend code to NextJS aswell if im not wrong? |
|
No specific plans at the moment. One step at a time. 🙂 But all things considered, I believe AuthJS is the proper solution at this point in time for Auth0 replacement. |
|
@cbnsndwch How are you feeling about tackling this? Pretty good bit of demand and it's also the biggest blocker to getting the app at least accessible to do additional work on. Just want to make sure you're feeling okay taking it on. |
|
I'm also taking a stab at it, currently have login/logout and registration working with NextAuth/AuthJS. Next step is to integrate with the existing user model and figure out how to initialize the onboarding flow for new users, also need to do some work on adding fields on the JWT and updating the middleware. I think it might be worth putting up a draft PR just so we can align on approach before going any deeper. Let me know what you think @Shpigford |
|
@tmyracle Draft PR sounds great to me! Go for it. |
|
We've increased the bounty on this to $500. |
|
/bounty $500 |
|
|
|
Hey folks! @Shpigford I only mentioned AuthJS because you said no external dependencies. I've spent quite a few hours getting up to speed and figuring out what needs to be done. Honestly thrown off by the development here. Would have appreciated you reaching out to me directly (Twitter/DM/EMail/others) Is this now a competition? I'm happy to work with other but not super fond of the pressure, TBH |
|
hi @cbnsndwch i @-mentioned you 24 hours ago after multiple people expressed interest in working on this here in the thread. no response from you, which is obviously fine. but given this is the single biggest blocker and there's substantial interest in the project right now, we opted to keep moving forward. there's no competition here. simply a bounty for completing the project. up to the community itself to decide if/how to work together. @tmyracle has submitted code and made the biggest strides forward and ultimately we'll optimize for code that's written and submitted. no bad intentions. simply optimizing for getting code written and a functioning app as quickly as possible. |
|
@cbnsndwch Hey, no ill will intended here. I'm just here to learn so if none of my stuff ends up getting used that's totally fine! I didn't see any response/activity so figured I'd just take a stab at it. Again, didn't mean to cause any issues. |
|
That's fine, I'm not gonna work on this then. @tmyracle no hard feelings 😊, go ahead! I'll find a different way to contribute that isn't as time-sensitive |
|
@Shpigford Is there are anyone working on this, and do you plan to have the auth in the NodeJS, or Next, I see u agree to go with NextAuth Can work on both, give me a hint about the final decision Options |
|
@Mahmoudgalalz Yeah, @tmyracle is pretty deep in to it: #37 |
|
Cool, Looked at it and it is pretty good work |
|
Hey @Shpigford , can we still try to work on this issue? or is it blocked for @tmyracle /attempt #16 Options |
|
💡 @tmyracle submitted a pull request that claims the bounty. You can visit your bounty board to reward. |
|
🎉🎈 @tmyracle has been awarded $500! 🎈🎊 |
|
Resolved with #37 |
The original codebase required Auth0 for all auth-related actions. We need to rip that out and replace it with something that's not a third-party dependency.
Here are archived reference docs for how we used Auth0 initially: https://github.com/maybe-finance/maybe/wiki/Auth0
The text was updated successfully, but these errors were encountered: