Rebuild authentication (remove Auth0)
The original codebase required Auth0 for all auth-related actions. We need to rip that out and replace it with something that's not a third-party dependency.
Here are archived reference docs for how we used Auth0 initially: https://github.com/maybe-finance/maybe/wiki/Auth0
@Shpigford I'm happy to take this one and add AuthJS instead of Auth0
@cbnsndwch i'm completely ignorant on auth solutions for Next. Is AuthJS the most common solution?
It's what the cool kids use yeah. I'm also happy to replace it with a self-hosted open source OAuth2 server but that would require running a separate container. If that would be OK, I recently migrated my app from Auth0 to LogTo https://logto.io
Gotcha. AuthJS it shall be!
Let me know if you need anything to tackle that.
Initial clarification on this from the docs you linked to:
> Authorization Code Flow with PKCE - This is the recommended way to authenticate and authorize users in a Single Page Application (SPA), and is how our users authenticate in this app. We are using the Classic Universal Login experience.
> Authorization Code Flow - This repo hosts a Bull dashboard, which can only be accessed by admin "Roles" (i.e. Maybe Finance engineering team)
Are we keeping Redis/Bull?
i have no preference other than keeping dependencies to a minimum.
So, what should auth0 be replaced by? I haven't yet gone through the code, but the general way to go is to use passportjs with jwt auth.
I have no preference other than not using any external service and keeping dependencies to a minimum.
Alright then, can you assign this to me? I'll go through the codebase and will let you know my thoughts in here.
I believe @cbnsndwch may have already begun some work on it. At this stage won't explicitly assign to someone until there's at least a cursory game plan in place based on code review.
Oh okay! In that case I might be able to do a collab in case @cbnsndwch feels so, or take it up in case no one's working on it.
This is an open source app and we should go for open source only then. I agree with @rajdip-b: use passportjs with jwt. This is good and simple.
What's the benefit of it over AuthJS, as recommended by @cbnsndwch?
AuthJS is designed to be used with only Nextjs and serverless whereas PassportJS is best fit for express apps
We're pretty deep into Nextjs, so seems AuthJS makes the most sense.
If you are moving towards NextJS, then AuthJS is good. But the server I see in the codebase is based on express?
Ultimately moving towards NextJS
So you are planning to move your backend code to NextJS as well, if I'm not wrong?
No specific plans at the moment. One step at a time. 🙂 But all things considered, I believe AuthJS is the proper solution at this point in time for Auth0 replacement.
@cbnsndwch How are you feeling about tackling this?
Pretty good bit of demand and it's also the biggest blocker to getting the app at least accessible to do additional work on.
Just want to make sure you're feeling okay taking it on.
I'm also taking a stab at it, currently have login/logout and registration working with NextAuth/AuthJS. Next step is to integrate with the existing user model and figure out how to initialize the onboarding flow for new users, also need to do some work on adding fields on the JWT and updating the middleware.
I think it might be worth putting up a draft PR just so we can align on approach before going any deeper. Let me know what you think @Shpigford
@tmyracle Draft PR sounds great to me! Go for it.
We've increased the bounty on this to $500.
/bounty $500
~~💎 $500 bounty created by maybe-finance~~
~~🙋 If you start working on this, comment /attempt #16 to notify everyone~~
~~👉 To claim this bounty, submit a pull request that includes the text /claim #16 somewhere in its body~~
~~📝 Before proceeding, please make sure you can receive payouts in your country~~
~~💵 Payment arrives in your account 2-5 days after the bounty is rewarded~~
~~💯 You keep 100% of the bounty award~~
~~🙏 Thank you for contributing to maybe-finance/maybe!~~
Attempt | Started (GMT+0) | Solution |
---|---|---|
🟢 @Mahmoudgalalz | Jan 13, 2024, 8:05:46 PM | WIP |
🟢 @sy425191 | Jan 13, 2024, 8:41:16 PM | WIP |
🟢 @tmyracle | #37 |
Hey folks!
@Shpigford I only mentioned AuthJS because you said no external dependencies. I've spent quite a few hours getting up to speed and figuring out what needs to be done. Honestly thrown off by the development here. Would have appreciated you reaching out to me directly (Twitter/DM/EMail/others)
Is this now a competition? I'm happy to work with others but not super fond of the pressure, TBH
hi @cbnsndwch i @-mentioned you 24 hours ago after multiple people expressed interest in working on this here in the thread. no response from you, which is obviously fine.
but given this is the single biggest blocker and there's substantial interest in the project right now, we opted to keep moving forward.
there's no competition here. simply a bounty for completing the project.
up to the community itself to decide if/how to work together.
@tmyracle has submitted code and made the biggest strides forward and ultimately we'll optimize for code that's written and submitted.
no bad intentions. simply optimizing for getting code written and a functioning app as quickly as possible.
@cbnsndwch Hey, no ill will intended here. I'm just here to learn so if none of my stuff ends up getting used that's totally fine! I didn't see any response/activity so figured I'd just take a stab at it. Again, didn't mean to cause any issues.
That's fine, I'm not gonna work on this then. @tmyracle no hard feelings 😊, go ahead! I'll find a different way to contribute that isn't as time-sensitive
@Shpigford Is there anyone working on this, and do you plan to have the auth in NodeJS or Next? I see you agree to go with NextAuth.
Can work on both, give me a hint about the final decision /attempt #16