Authentication in FaunaDB skeleton repository preview

databrecht · September 16, 2020, 5:16pm

Hi folks,

I have just put the repository that I am working on in combination with a series of articles public: https://github.com/fauna-brecht/skeleton-auth Consider it currently ‘in review’. Therefore, it’s currently still on my personal GitHub user and not an official fauna repository yet, but we figured that it might already be interesting to preview (or it might not be interesting, in that case, that’s valid feedback).

The basic content (a frontend only approach and an approach with a partial backend) are separated in two different branches. Extra features are added later on with separate commits so you could check out the simple branches first and see what code is added for a specific feature.

I am, of course, very interested to hear what the community thinks. Bear in mind that I’ll be away next week though. The commits show what the different features are. If navigating a repository is not your thing, no worries, the articles are coming. We simply wanted to already provide a preview for the people who are waiting for this content and might want to look at the code/approaches.

vasco3 · September 17, 2020, 3:54pm

will this implement password less login?

ptpaterson · September 17, 2020, 4:13pm

Wish I could add more hearts! I am very excited.

@vasco3 The README puts 3rd party identity on the roadmap.

databrecht · September 17, 2020, 4:40pm

That depends, define ‘passwordless’ .
If that means ‘magic links’ then I would say, I thought about it and last minute removed it from my ‘extras’ since it’s often frowned upon by security experts.

If that means ‘SSO’. Yes! as @ptpaterson indicates. We will add branches that implement SSO by using external identity providers once the features that are on the roadmap are out to support this integration in a more elegant way. At this point we don’t intend to implement SSO manually.

We will probably add a SuperTokens integration (an npm library) as well which radically simplifies the second example with a backend refresh/access flow and provides you with more advanced security features out-of-the-box (techniques such as browser sync). We are very interested to hear whether that sounds interesting and justifies a license.

AB_pnc · September 24, 2020, 2:04pm

This would require some meaningful modifications to work in a serverless stack though, correct? Netlify functions for example are stateless so without session you would have to go the JWT route I presume.