Throughout my years of tweaking, designing, and engineering software systems, I've come to realize a fundamental truth: there are no perfect system...
Thank you for the article,
I have a question: when you use a 3rd party service like Google, do you still store/create the user in your database? I guess I want to better understand the flow for signup and login authentication when you use a 3rd party auth service. Thanks.
Yes, you do, David.
The only difference is you don't have to store their password. Google/whoever will do the authentication part and give you a unique id for that particular user which you can store if they don't exist in your db or simply sign them in if they do.
I suggest looking into PassportJs or AuthJs (as I've also learnt from the discussion here). Feel free to reach out to me directly if you need any help or guidance.
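The flow described in the reply above, as an added example that is not part of the original thread: look the user up by provider and provider-issued id, create a local record on first login, and never store a password. The `UserStore` class, its fields, and the sample claims are hypothetical, and the claims are assumed to have been verified by the auth library already.

```javascript
// Added example. In-memory stand-in for a users table (hypothetical schema).
class UserStore {
  constructor() {
    this.nextId = 1;
    this.users = new Map();      // local user id -> user record
    this.identities = new Map(); // "provider|subject" -> local user id
  }

  // `claims` is the profile returned by the provider. Assumption: the auth
  // library has already verified it (signature, issuer, audience) before this call.
  findOrCreateFromProvider(provider, claims) {
    if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
      throw new Error("provider returned no subject id");
    }
    // Key on provider + subject id, not on email: emails can change or be reused.
    const key = `${provider}|${claims.sub}`;
    const existingId = this.identities.get(key);
    if (existingId !== undefined) {
      // Returning user: sign them in and refresh fields that may have changed.
      const user = this.users.get(existingId);
      user.email = claims.email ?? user.email;
      return { user, created: false };
    }
    // First login: create the local record. There is no password field at all.
    const user = { id: this.nextId++, email: claims.email ?? null, name: claims.name ?? null };
    this.users.set(user.id, user);
    this.identities.set(key, user.id);
    return { user, created: true };
  }
}

// Constructed sample claims, not real account data.
function demo() {
  const store = new UserStore();
  const signup = store.findOrCreateFromProvider("google", { sub: "constructed-sub-001", email: "dana@example.com", name: "Dana" });
  const login = store.findOrCreateFromProvider("google", { sub: "constructed-sub-001", email: "dana.new@example.com" });
  return { signup, login, userCount: store.users.size };
}
```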
Oh, that is true, I will try it out. I am actually using next-auth.
Thank you very much, that is very kind of you. I will actually be taking you up on your offer, because I am kind of tackling this issue at the moment with a personal project and I want to have a better understanding of the auth process.
I also researched and saw access tokens and refresh tokens as a means of having better security. What is your perspective on this?
Thanks.
This is also my first time hearing about next-auth... we are really blessed to have so many options as developers.
Access token and refresh token aren't that difficult terms. In simpler terms, an access token is the key you give to users to enter a gated place on your site after validating that they are who they are (authentication).
A refresh token just makes the process of issuing an access token seamless for the user, so they don't have to re-enter their details every time their access token expires.
Reach out through: @AsaboroD on Twitter; we can take it up from there ;)
I can't send you a message directly, but I sent hello as a tweet.
Nice article! What about when using Auth.js?
No, I don't. In fact, this is my first time hearing about it.
Also, correct me if I'm wrong... AuthJs is a library? If so... I use PassportJs, haven't got any reason to search for alternatives yet... However, Auth Js seems like an interesting library (simple to implement at first sight).
Yes, it is simple. Best for using on Next.js full stack projects.
Yeah, I read that too...
I probably need a project that will force me to look into Next.js (a hackathon maybe). What do you suggest, Varga?
Maybe have a look at my latest article if you want to get deeper inside Vercel and the Next.js ecosystem. HERE you can find it.
I like a lot of the points in this article. I think I’ve decided that I’m never going to write a password system again. Auth0, Cognito, Okta, and various OAuth identity providers make it so that storing user passwords is no longer necessary.
I avoid storing user passwords like the plague.
Thanks for pointing that out, Michael... that means a lot to me.
I'm also with you on the identity providers thing. Once you start integrating OAuth and the rest, you never want to go back... even for the end users... but some situations, one I found myself in a few months ago, still require going the old way... it is what it is.
Software is about democratizing access.
It's my default choice, but there are cases where people are sceptical to connect their social accounts with your app... (when working on apps used by old folks) this is where an email and password comes in :)
Tough work, but it's a must.
Thank you so much. You have really enlightened me about this. I am really grateful for this.
You are welcome, Ebine. It's a pleasure to do so.
Storing the user's password IS a critical mistake.
There are cases where it's unavoidable.