New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simple username/password authentication, which method should I use? #745
Comments
None of these will save users in your database automatically, you'll need to set that up yourself. I have a project that uses Netlify Identity for my login and here's how I go about creating a local user in my DB when someone signs in the first time: // api/src/lib/auth.js
import { AuthenticationError } from '@redwoodjs/api'
import { db } from './db'
export const getCurrentUser = async ({ name, email }) => {
const user = (await db.user.findOne({ where: { email } })) || (await createUser(name, email))
return user
}
const createUser = (name, email) => {
return db.user.create({ data: { name, email } })
}
export const requireAuth = () => {
if (!context.currentUser) {
throw new AuthenticationError("You don't have permission to do that.")
}
} So I'm getting the |
@cannikin that would make a nice cookbook recipe doc, I imagine a lot of people wanting to do that exact thing. |
in #214 , @DanielKehoe said:
So , @cannikin Will that save users in Netlify Identity? Will it come with costs? And, will there be an authentication system that does not rely on third parties? |
Nope, if you use the Identity widget then a signup means the user goes into Netlify and counts against that 1000 users in the free tier.
I believe we have on the roadmap rolling your own authentication using your own database and a GraphQL call, but that will have the same simple `useAuth()` hook. If you didn’t care about `useAuth()` you could create your own right now on the web side pretty easily—make a GraphQL query for looking up a user by username and password (hashed password would be more secure) and then put the resulting user in state.
The API side would be a little trickier...you’d need to have some way to include an identifier for the user on every call to GraphQL so you could look up the user making the request. Not trivial, but possible.
|
@cannikin Could this feature be given the highest priority? |
@zwl1619 maybe Auth0 or Firebase Auth is better for your needs? Auth0 offers 7,000 accounts free. For Firebase, there's more setup, but from what I understand there's no cost for web Auth: https://firebase.google.com/pricing If you're interested in rolling your own authentication using the current Redwood Auth, here's a forum thread that covers a lot of what you'd need to do: https://community.redwoodjs.com/t/custom-github-jwt-auth-with-redwood-auth-advice-needed/610 Note: there have been a few updates and changes to the Redwood Auth package since this discussion, so do refer to the docs Hope that helps! |
I have read the docs of Redwood Auth and the forum thread above. |
^^ this is really helpful for us to know @zwl1619 Did you take a look at the thread for configuring your own auth? If so, does it seem possible for you? |
Another option that I have been considering myself, is adding a 3rd party auth provider like netlify, auth0 and firebase but open source and self-hosted. A few examples :
The added workload on Redwood, is simply adding a new provider, generator and doc. |
There is a good change that once Supabase auth support is in, by setting Prisma to use their Postgres and then using their AuthClient (which is username/password and based on GoTrue) this can give people username/password database auth. Will need a decent UI for the login and sign up forms to be more of an out-of-box solution, but people can still implement their own forms as needed. |
There are 5 authentication providers here: https://redwoodjs.com/docs/authentication
I want to use simple username/password authentication, and save users in my database.
Which one should I use?
The text was updated successfully, but these errors were encountered: