Open myrddral opened 5 days ago
Time spent: 5
EDIT: Had to spend a bit more time on configuring oauth providers -> created the project within the provider's console, generate clientId and clientSecret, update local and vercel env variables. Moreover, while provider sign in validates the users based on their email address, it does little more by default. I will extract the auth token issued by the provider which should be validated on the backend, and return the JWT required to access API resources. From here on, the session managagement logic stays the same as with using credentials sign in only. I will create a separate task to enhance current auth functionality of the API with refresh tokens.
Note: Before going live with the app, the currently registered projects providing oauth must be transferred from my account to one associated with an account belonging to Garuda Academy (google explicitly requires an app verification when moving to production)
UPDATED! Time spent: 5 + 2 (provider config) + 2 (get API token for oauth token) -> 7 hrs