Signup and Login for backend (Local and social login)

[anurag-majumdar]

According to the showcase app's requirements, looks like there will be an Admin section and a Project owner section. Only the user who will be visiting the projects need not need authentication. So there are 2 roles in total for authentication part.

This is going to be an important part of the application, let us discuss the strategies which we can use.

I have some ideas in mind, will share them as a flow diagram here. Normal login and social login features can be set.

[palnabarun]

I suggest using Firebase Auth and Database for all the backend auth and storage. It is robust and usability is good.

[Rohanhacker]

Are we using node for backend ??

[kanlanc]

We can in the model of the user make a admin attribute and we can put restrictions on some routes for admin

As for method, we can use JWT and local storage or cookies or there is passport option too to consider but I have made some projects before and simple JWT and localstorage worked for me.

[nikitasharma2692]

For the role we can use jwt and put up the token in the cookie for the authorization. It will make the process quiet easier.

[kanlanc]

But do react and cookies go well together? Last time I checked I couldnt fond a decent tutorial on it and so went with local storage

[nikitasharma2692]

Yes it does, Anything that works with javascript will work in react.

[kanlanc]

Cookies it is then..

[kanlanc]

Then shall I will work on this

[Rohanhacker]

I'd like to work on it

[palnabarun]

@highskillzz @Rohanhacker Let us first decide on the wireframes in the other issue. Once that gets sorted, we can work on the models and auth.

[deveshjadon98]

I agree with @palnabarun, we should focus on UI part by integrating firebase in our app. and the JWT can be used for management as suggested by @highskillzz

[anurag-majumdar]

I would definitely like to work on this part too since I have worked on similar issues before in some open source projects too. @highskillzz as you mentioned, we can use cookies, that is a good idea, that will prevent XSS attacks. @palnabarun since I do not see any back-end code generated using node.js for the project, using firebase can really help us out in this. We can use FireStore similar to MongoDB for queries and schema design and after getting the access token from social or normal login plugins we can easily use it with cookies on client side to generate the admin and project owner sessions.

Great to see enthusiasm generated for these features.

Currently, I am making the wireframe for the sign up and login page, will share it asap.

[Rohanhacker]

@palnabarun There is no point in blocking backend on wireframes they are completely independent

[ritikrishu]

Let's discuss basic skeleton for the backend and properly document it, next time we all can join in a call. If we get the roadmap well documented, it'll help contributors get an idea and pick an open issue. Also prevents small modular discussions in parts spread between different issues. @divyamrastogi @palnabarun @ParthS007 @PrabhanshuAttri @shubhshrma @realslimshanky

[palnabarun]

@ritikrishu I was also thinking of the same. @anurag-majumdar Waiting for your wireframes. :)

[kanlanc]

@Rohanhacker Yes node for the backend but should we use sails? because it comes with admin and user login done already

Sorry guys my net was slow and this message is going now and I am unable to delete it.

But do answer will we use express or sails or any other for that matter

[kanlanc]

@ritikrishu I agree with you, also it is best if we make a time schedule of by when what should be done so that we can move forward on the main components, so as to generate a MVP within the next few weeks.

[Rohanhacker]

I think express is better because sails is still not have its version 1.0 and express provide a lot of flexibility. We have so many contributors so creating admin and user login stuff ourselves won't be much of a problem @highskillzz

[anurag-majumdar]

@Rohanhacker I agree with you on this one since express is really quite stable and it makes it really easy to use a lot of features. We simply cannot go wrong with express.

[Rohanhacker]

I don't think firebase if good for an open source project

[PrabhanshuAttri]

@ritikrishu Let's discuss this. I think firebase with cookies and IndexDB can work.

[kanlanc]

ok then

server-express(decided) database- firebase or mongoDB or IndexDB7 authentication-cookies(decided)

Right? This is to clear anyone new to the discussion. @Rohanhacker @anurag-majumdar @palnabarun

[anurag-majumdar]

@highskillzz Yes, you are correct. I guess according to the discussion in this thread, MERN will be the way forward. I have some ideas regarding the sign up and login processes. Will share a flow regarding the same for social sign up.

Considering React as a client separated from the server by a REST API Node we can get the login/signup along with social signup feature working within 1-2 days.

[anurag-majumdar]

Hi guys, I came up with a flow regarding the Social login process using Fb, Google or any other such accounts.

Here is the flow diagram:

The official fb and gapi for client sdk. https://developers.google.com/identity/sign-in/web/ https://developers.facebook.com/docs/facebook-login/web

To make use of the following diagram flow, we need to use the following packages in our Node server: passport-facebook-token passport-google-token

I have followed this logic before in my applications and it works perfectly fine. If the idea is accepted will document this in readme file as a standard guide section for social sign up.

Let me know what you guys feel.

[kanlanc]

awesome

[Rohanhacker]

how do we proceed with it now ? I think one person can implement a backend strategy and one can work on frontend ? Lets create issues and assign it to people. I would like to take either frontend or backend for Facebook.

[sounak07]

I would like to take some backend task as well.

[Rohanhacker]

@sounak07 I didn't know ghouls can do backend 😜

[sounak07]

Perk of being one eyed ghoul @Rohanhacker 😎

[anurag-majumdar]

This will be a long task, it will be better to divide this in such a way such that maximum people who are interested in this domain can work. So it will be like implementing a specific part of the facebook or google signup process by 2-3 people instead of one person only.

After all we have to remember this is a collaborative project. If this had not been collaborative then I can implement this whole feature within 12 hours time with both Google and Facebook login both front to back with React and Angular both. I did the same thing within a day's time with Angular before.

I will request the mods and co-mods to break this part up and assign them to people so that all can contribute as well as learn.

I hope I answered most of the queries here @sounak07 and @Rohanhacker 😄

[ritikrishu]

Since we are using firebase, probably this should be just about toggling a button on our console. What do you guys think we should support authentication with? IMO, we either give Google and Github or just GIthub!

[anurag-majumdar]

Let's go ahead with both. Firebase can do all the hardwork for us. We can easily integrate both.

[realslimshanky]

Closing this issue since we have decided to user Firebase now. Similar discussion: https://github.com/UdacityMobileWebScholarship/showcase-app/issues/17#issuecomment-383792377