TejasQ / bookoid

An open source library management solution.
https://bookoid.netlify.app/
MIT License
29 stars 15 forks

Authentication and Authorization #4

Open TejasQ opened 3 years ago

TejasQ commented 3 years ago

It'd be great to have a

etc. where a user logs in and then can manage their books.

lucashfreitas commented 3 years ago

@TejasQ what about firebase for authentication and database?

TejasQ commented 3 years ago

@lucashfreitas, that sounds great! I've never used it so maybe I can learn from your pull request!

Let’s just make sure we can have it integrate nicely with Hasura’s auth (see #3)

petercr commented 3 years ago

Nice, I would totally love to add some Firebase auth to this project 👍

Is this still an issue that needs solving?

TejasQ commented 3 years ago

Definitely. Please coordinate with @pawel-123 who is leading the backend development.

pawel-cebula commented 3 years ago

@petercr You can find more info on the Hasura backend and schema in #8.

So far we have a `user(id, username, email, role)` table, where `role` is an enum field from the `user_role` table with two rows, `user` and `admin`. At first glance it seems to address the basic requirements for authentication and authorization as per the docs.

In the docs, there are some examples/tutorials using Auth0 and Firebase, both of which seem to allow Google, Facebook and Apple authentication.

I've not worked on JWT-based authentication and authorization before so it would be great if you could take the lead on this one and let us know your suggestions.

In the meantime, I'll try to catch up on relevant tutorials and documentation so that I can be more helpful here.

petercr commented 3 years ago

@pawel-123 Nice, you know, I think I totally forgot to check out the backend code 🤦

If they have a tutorial for adding Firebase as auth I'm sure that would be helpful. I will check it out myself.

pawel-cebula commented 3 years ago

@petercr Have you been able to make some progress on authentication?

petercr commented 3 years ago

@pawel-123 No, sorry, I haven't been able to make much progress on this yet. Unfortunately, both of my in-laws have been having some health issues over the last month or so. 😢 They are okay, it has just been taking up all my free time helping them 😬

I will see if I can make some progress this week, and let you know 👍

petercr commented 3 years ago

I have been going over the docs and a tutorial link here. Firebase definitely looks like a good fit for this project, and we can do Auth0 for Google, Facebook, and Apple.

In the tutorial they also use Firebase serverless functions to add the custom fields that Hasura needs for roles and auth. So that's probably what I'll go with as well.

TejasQ commented 3 years ago

That sounds okay, but please keep in mind we're deploying to Netlify (or Vercel), which both have native support for serverless functions. I'm wondering if we need firebase serverless functions at all since we already have this.

petercr commented 3 years ago

@TejasQ So the whole reason that you end up using Firebase Functions (serverless) is to pass the Hasura roles and user id. I had not really thought about it, but I suppose there's no reason why we could not use Vercel serverless functions to do that, since access is controlled with Firebase access tokens.

I will look into trying to use Vercel for the serverless functions 👍
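
An added example, not part of the thread and not bookoid's code: a sketch of the claims a serverless function (Firebase, Netlify or Vercel) would derive from the `user(id, username, email, role)` row to pass the Hasura roles and user id. The claim keys are Hasura's documented JWT claim names; the function names, the `row` shape and the rule that an admin may also act as `user` are assumptions.

```javascript
// Added example. Role names are the two user_role rows named in the thread.
const HASURA_NAMESPACE = "https://hasura.io/jwt/claims";
const ROLES = ["user", "admin"];

// Build the custom claims to attach to the Firebase user (for instance with
// the Admin SDK's setCustomUserClaims). `row` must be the server-side
// database record, never a role or id supplied by the client.
function buildHasuraClaims(row) {
  if (!row || row.id === undefined || row.id === null || row.id === "") {
    throw new Error("user row has no id");
  }
  if (!ROLES.includes(row.role)) {
    throw new Error(`unknown role: ${String(row.role)}`);
  }
  // Assumption: an admin may also act as a plain user; a user gets only "user".
  const allowed = row.role === "admin" ? ["admin", "user"] : ["user"];
  return {
    [HASURA_NAMESPACE]: {
      "x-hasura-default-role": row.role,
      "x-hasura-allowed-roles": allowed,
      "x-hasura-user-id": String(row.id), // session variables are strings
    },
  };
}

// Sanity-check the payload of a token whose signature was already verified.
// Returns null when the claims are well formed, otherwise the reason.
function checkHasuraClaims(payload) {
  const c = payload && payload[HASURA_NAMESPACE];
  if (!c || typeof c !== "object") return "missing Hasura claims namespace";
  const allowed = c["x-hasura-allowed-roles"];
  if (!Array.isArray(allowed) || allowed.length === 0) {
    return "allowed-roles must be a non-empty array";
  }
  if (!allowed.every((r) => ROLES.includes(r))) {
    return "allowed-roles contains an unknown role";
  }
  if (!allowed.includes(c["x-hasura-default-role"])) {
    return "default role is not in allowed-roles";
  }
  const uid = c["x-hasura-user-id"];
  if (typeof uid !== "string" || uid === "") {
    return "user id must be a non-empty string";
  }
  return null;
}
```

Because the role is read from the database row inside the function, a signed-in client cannot choose its own role by editing the request.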