
Add Account management

Open lane711 opened this issue 1 year ago • 7 comments

This will expand on: #185

Add full account management:

  1. user registration endpoint
  2. roles / role mapping
  3. user login endpoint (returns token)
  4. add databases tables with migrations (via drizzle)

lane711, Jul 20 '23 18:07

Would implementing with Lucia make sense?

https://lucia-auth.com/database-adapters/cloudflare-d1

https://github.com/pilcrowOnPaper/lucia

acoreyj, Aug 18 '23 00:08

Yes! This looks perfect for our needs at this stage. Thank you for making us aware of this.


lane711, Aug 18 '23 05:08

I see there is an implementation in progress. Would it make sense to integrate with Zero Trust from Cloudflare for authentication purposes? Just a thought to keep things in the Cloudflare stack of possibilities?

I do see that the Lucia library also would use D1, which makes it also Cloudflare only 👍.

chrisspiegl, Oct 22 '23 07:10

thx @chrisspiegl I actually haven't looked into Zero Trust, but thanks for making me aware. I'll check it out

lane711, Oct 23 '23 15:10

I just set up Zero Trust myself for a few things and it's really fascinating how powerful it is.

As far as I understand it, it would not support any way to have people register an account for themselves… but for the type of content management Sonic is supposed to do, I believe a manual "admin adds you to the allowed users" would be perfectly fine (or give access to all email addresses ending in @your-company.com).

Zero Trust can be easily set up to completely block access to any domain (and path) on the Cloudflare network. And it has built-in auth methods which you then do not have to worry about at all.

Making it very flexible & basically a "no code" implementation for Sonic to just be behind a login system that's on Cloudflare anyways.

I am kind of excited about the possibilities & especially the possibility to have less / no code on my end when using Zero Trust 👍.

chrisspiegl, Oct 24 '23 03:10

@chrisspiegl this sounds great. So would we still store user account info in our D1 database or is that managed too? I'll have to dive into this once time permits.

lane711, Oct 25 '23 16:10

@lane711 the user information is completely stored in Zero Trust and one can activate a handful of auth providers (where you have to then have your own app registrations with). Things like Facebook, Google, GitHub, etc. are supported out of the box.

The one thing I don't know at this point (because up to this point I did not care) is: if it is possible to then "relate a user login to a content piece".

But if it's just for "certain people can get access" type thing… that is definitely possible with Zero Trust.

chrisspiegl, Oct 25 '23 18:10