alexfinnarn
commented
3 years ago Based on looking at trends, https://www.npmtrends.com/next-auth-vs-@auth0/nextjs-auth0-vs-react-use-auth, the current authentication package I'm using is not trending as well as this: https://next-auth.js.org/getting-started/introduction
NextAuth includes things like database tables, and so this supersedes the scope of this issue. I'll have to add an issue about changing the underlying auth dependencies.
User information needs to be stored somewhere and accessible to the whole application's components. React's Context feature can handle this need and is appropriate since user information won't change often. If the user object ends up needing to update more frequently, then Recoil is probably a better state management tool.
Required
What area of the codebase does this involve?
Everything underneath the
_App.tsxNext.js entrypoint. API routes and the eventualserver.jsbootup file will not be impacted.Relate To Security?
Choosing how to validate user actions will impact security. For starters, it might be good to revalidate access within all page components...so really within
AdminLayoutas it will be put on all admin pages.While the user's credentials need to be checked if the session cookie isn't included in the initial request, checking on each request might slow down the UI rendering vs. assuming the user is who they were a minute ago and confirming after the page loads.
Acceptance Criteria
UserContextto_App.tsxand its childrenuseEffect()hook toAdminLayoutthat revalidates user access once the page loads and kicks the user out if improper access