Philip Molares

I think for now the shell is the way to go.

Depends greatly on what you want and how you want it to work.

I'd suggest having a separate admin page, that only users with an admin flag can use. Maybe we would need to have a some extra API routes. And of course...

We could also use this to make some controller routes accessible to anonymous https://stackoverflow.com/questions/53249800/optional-authentication-in-nestjs

This is already implemented. In the end each request of the public API must be authorized by an bearer token.

This discussion seems to be finished. An implementation issue will be created…

I think this is a very good idea and we should do this as one of the first things after 2.0 is released.

Hey @nieebel, Yeah this could be an idea, but we would need to have access to an SMTP server to send those mails on each instance. That's no dealbreaker, but...

I'd suggest implementing each of the initial auth methods and returning an JWT afterwards. All subsequent request to the private api are then made with the help of this JWT.

> For email please keep in mind that we stated at some point it would make more sense to just use "Username + password" instead of email, since email requires...