Comments (6)
> I think throwing error for that would be enough to let developer handle it.

Hmm maybe that's a good idea - just explicitly throwing an error rather than just glossing over with an inline @todo or @fixme note.
That would also discourage people from bypassing appropriate handling and accidentally creating security bugs (such as ones that would allow someone to hijack another person's account), which was bugging me.

> I can see some approach here https://github.com/kriasoft/nodejs-api-starter#features

The passport code in that project looks ideal - it's better than what I currently have and is how I was thinking of refactoring it (so the provider logic is more generic, making it easier to add providers).
As it's MIT I'll just adapt it and credit them.
I'll address this and issue #6 later this week, probably tomorrow. Thanks!
from nextjs-starter.
Hah, so I have a version locally that has passport support but trying to implement it in a way that doesn't over complicate the example for folks to the point where it's hard to follow the logic.
The biggest problem is showing an example that has best case handling for all the complex types of errors that can occur in corner cases (like people trying to sign in with say a Facebook account that has an email address associated with it that is already used on another account and how you resolve that).
I think I can come up with a nice way to separate the email, oauth and common session handling logic - maybe into ./routes/auth/email.js and ./routes/auth/oauth.js and shared session logic in ./routes/auth/index.js so shall look at doing that.
from nextjs-starter.
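The corner case discussed above (an oAuth sign-in whose email address already belongs to another account), as an added JavaScript example that is not code from nextjs-starter or from any project linked in this thread. The in-memory store, `AccountConflictError`, `createStore` and `resolveOAuthSignIn` are hypothetical names; the sample users are constructed.

```javascript
// Added example: every name below is hypothetical, not the project's API.
class AccountConflictError extends Error {
  constructor(message, code) {
    super(message);
    this.name = 'AccountConflictError';
    this.code = code;
  }
}

// Constructed sample data standing in for the user database.
function createStore() {
  return [
    { id: 1, email: 'alice@example.com', providers: {} }, // signed up by email
    { id: 2, email: 'bob@example.com', providers: { facebook: 'fb-200' } }
  ];
}

// Decide which account an oAuth callback resolves to.
// sessionUser: the user already signed in on this session, or null.
// profile: { id, email } as reported by the provider.
function resolveOAuthSignIn(users, sessionUser, provider, profile) {
  const linked = users.find(u => u.providers[provider] === profile.id);

  if (sessionUser) {
    // Explicit linking: the user is authenticated and asked to add a provider.
    if (linked && linked.id !== sessionUser.id) {
      throw new AccountConflictError('Provider account is linked to another user', 'PROVIDER_IN_USE');
    }
    sessionUser.providers[provider] = profile.id;
    return sessionUser;
  }

  if (linked) return linked; // Returning user: match on provider id, never on email.

  const email = (profile.email || '').trim().toLowerCase();
  const sameEmail = email && users.find(u => (u.email || '').toLowerCase() === email);
  if (sameEmail) {
    // No sign-in and no automatic link: the provider's email claim alone must
    // not grant access to an existing account. The caller handles the error.
    throw new AccountConflictError('Email already used by another account', 'EMAIL_IN_USE');
  }

  const user = { id: users.length + 1, email: email || null, providers: { [provider]: profile.id } };
  users.push(user);
  return user;
}
```

A route handler would catch `EMAIL_IN_USE` and ask the person to sign in to the existing account first, then link the provider from that authenticated session.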
> Hah, so I have a version locally that has passport support but trying to implement it in a way that doesn't over complicate the example for folks to the point where it's hard to follow the logic.

Working example is enough for me :)

> The biggest problem is showing an example that has best case handling for all the complex types of errors that can occur in corner cases (like people trying to sign in with say a Facebook account that has an email address associated with it that is already used on another account and how you resolve that).

I think throwing error for that would be enough to let developer handle it.

> I think I can come up with a nice way to separate the email, oauth and common session handling logic - maybe into ./routes/auth/email.js and ./routes/auth/oauth.js and shared session logic in ./routes/auth/index.js so shall look at doing that.

I can see some approach here https://github.com/kriasoft/nodejs-api-starter#features
And actually I want to merge it with your nextjs-starter, and it may look like the MEAN stack at the end, but with nextjs/apollo/passportjs.
What do you think?
from nextjs-starter.
@iaincollins interesting you should mention the problem with the corner cases - it is my opinion that these should be handled by a separate "user accounts" library. I've been working on such a library - ooth, that you can find described here: https://medium.com/the-ideal-system/ooth-user-accounts-for-node-js-93cfcd28ed1a#.97kyfg4xg and the repo is here https://github.com/nmaro/ooth
Some logic is already in place for it to be extensible with different passport-based strategies, while taking care of corner cases like the one you mention (registering with a strategy that comes with an existing email address). It runs as an independent microservice, which of course is ideal for integration with next.js.
I'm now trying to create an authentication example with next.js, and hoping to find good inspiration in this nextjs-starter project - it will be published here: https://github.com/nmaro/ooth/tree/master/examples/ooth-next
On the other hand, if you do like the idea, I'll be glad to do whatever is needed for ooth to be used as a library in this project.
from nextjs-starter.
I've now added Passport support to https://nextjs-starter.now.sh as of version 2.5.
- It uses Passport for oAuth, together with express-sessions (as before).
- There is support for Facebook, Google and Twitter+ oAuth and it's easy to add more (see AUTHENTICATION.md and routes/auth-passport.js).
- It uses the universal client/server session system (with CSRF tokens, XSS protection via HTTP Only cookies, the ORM layer that supports Mongo, SQL DBs, Redshift, etc.) as the email sign in uses.
If any modules get released that can help abstract auth further I'd be happy to look at integrating them if it reduces the amount of project specific code. I've long wanted something like that but I suspect it's a tall order, because of how tightly integrated some things need to be - and de-coupling often ends up meaning more code and more complexity.
That nodejs-api-starter from kriasoft was very useful, thanks for that @katopz! I've ended up using a modified version of the same approach.
Configuring the oAuth with Facebook and Google is a pain, but it's easiest with Twitter as it's much less strict. At least there is a working URL I can point to to prove it all works, I'm just hoping no-one asks for any support for it. :-)
from nextjs-starter.
@iaincollins Great job! I did some WIP here with dirty passport-facebook only while waiting, I'll try to merge your code to see it blow up 🚀 weeee!
from nextjs-starter.