Rebuild authentication (remove Auth0) about maybe HOT 36 CLOSED

i have no preference other than keeping dependencies to a minimum.

from maybe.

That's fine, I'm not gonna work on this then. @tmyracle no hard feelings 😊, go ahead! I'll find a different way to contribute that isn't as time-sensitive

from maybe.

Ultimately moving towards NextJS

from maybe.

No specific plans at the moment. One step at a time. 🙂 But all things considered, I believe AuthJS is the proper solution at this point in time for Auth0 replacement.

from maybe.

@Mahmoudgalalz Yeah, @tmyracle is pretty deep in to it: #37

from maybe.

@Shpigford I'm happy to take this one and add AuthJS instead of Auth0

from maybe.

@cbnsndwch i'm completely ignorant on auth solutions for Next. Is AuthJS the most common solution?

from maybe.

It's what the cool kids use yeah. I'm also happy to replace it with a self-hosted open source OAuth2 server but that would require running a separate container. If that would be OK, I recently migrated my app from Auth0 to LogTo https://logto.io

from maybe.

Gotcha. AuthJS it shall be!

Let me know if you need anything to tackle that.

from maybe.

Initially clarification on this from the docs you linked to:

Authorization Code Flow with PKCE - This is the recommended way to authenticate and authorize users in a Single Page Application (SPA), and is how our users authenticate in this app. We are using the Classic Universal Login experience.
Authorization Code Flow - This repo hosts a Bull dashboard, which can only be accessed by admin "Roles" (i.e. Maybe Finance engineering team)

Are we keeping Redis/Bull?

from maybe.

So, what should auth0 be replaced by? I haven't yet went through the code, but the general way to go is to use passportjs with jwt auth.

from maybe.

So, what should auth0 be replaced by? I haven't yet went through the code, but the general way to go is to use passportjs with jwt auth.

I have no preference other than not using any external service and keeping dependencies to a minimum.

from maybe.

Alright then, can you assign this to me? I'll go through the codebase and will let you know my thoughts in here.

from maybe.

I believe @cbnsndwch may have already begun some work on it. At this stage won't explicitly assign to someone until there's at least a cursory game plan in place based on code review.

from maybe.

Oh okay! In that case I might be able to do a collab in case @cbnsndwch feels so, or take it up in case no one's working on it.

from maybe.

This is open source app and we should go for open source only then. I agree with @rajdip-b use passportjs with jwt. This is good and simple

from maybe.

What's the benefit of it over AuthJS, as recommended by @cbnsndwch?

from maybe.

AuthJS is designed to be used with only Nextjs and serverless whereas PassportJS is best fit for express apps

from maybe.

We're pretty deep into Nextjs, so seems AuthJS makes the most sense.

from maybe.

If you are moving towards NextJS, then AuathJS is good. But the server I see in the codebase is based on express?

from maybe.

So you are planning to move your backend code to NextJS aswell if im not wrong?

from maybe.

@cbnsndwch How are you feeling about tackling this?

Pretty good bit of demand and it's also the biggest blocker to getting the app at least accessible to do additional work on.

Just want to make sure you're feeling okay taking it on.

from maybe.

I'm also taking a stab at it, currently have login/logout and registration working with NextAuth/AuthJS. Next step is to integrate with the existing user model and figure out how to initialize the onboarding flow for new users, also need to do some work on adding fields on the JWT and updating the middleware.

I think it might be worth putting up a draft PR just so we can align on approach before going any deeper. Let me know what you think @Shpigford

from maybe.

@tmyracle Draft PR sounds great to me! Go for it.

from maybe.

We've increased the bounty on this to $500.

from maybe.

/bounty $500

from maybe.

💎 $500 bounty created by maybe-finance
🙋 If you start working on this, comment /attempt #16 to notify everyone
👉 To claim this bounty, submit a pull request that includes the text /claim #16 somewhere in its body
📝 Before proceeding, please make sure you can receive payouts in your country
💵 Payment arrives in your account 2-5 days after the bounty is rewarded
💯 You keep 100% of the bounty award
🙏 Thank you for contributing to maybe-finance/maybe!

from maybe.

Hey folks!

@Shpigford I only mentioned AuthJS because you said no external dependencies. I've spent quite a few hours getting up to speed and figuring out what needs to be done. Honestly thrown off by the development here. Would have appreciated you reaching out to me directly (Twitter/DM/EMail/others)

Is this now a competition? I'm happy to work with other but not super fond of the pressure, TBH

from maybe.

hi @cbnsndwch i @-mentioned you 24 hours ago after multiple people expressed interest in working on this here in the thread. no response from you, which is obviously fine.

but given this is the single biggest blocker and there's substantial interest in the project right now, we opted to keep moving forward.

there's no competition here. simply a bounty for completing the project.

up to the community itself to decide if/how to work together.

@tmyracle has submitted code and made the biggest strides forward and ultimately we'll optimize for code that's written and submitted.

no bad intentions. simply optimizing for getting code written and a functioning app as quickly as possible.

from maybe.

@cbnsndwch Hey, no ill will intended here. I'm just here to learn so if none of my stuff ends up getting used that's totally fine! I didn't see any response/activity so figured I'd just take a stab at it. Again, didn't mean to cause any issues.

from maybe.

@Shpigford Is there are anyone working on this, and do you plan to have the auth in the NodeJS, or Next, I see u agree to go with NextAuth

Can work on both, give me a hint about the final decision
/attempt #16

from maybe.

Cool, Looked at it and it is pretty good work

from maybe.

Hey @Shpigford , can we still try to work on this issue? or is it blocked for @tmyracle

/attempt #16

from maybe.

💡 @tmyracle submitted a pull request that claims the bounty. You can visit your bounty board to reward.

from maybe.

🎉🎈 @tmyracle has been awarded $500! 🎈🎊

• Share on socials
• Give feedback

from maybe.

Resolved with #37

from maybe.