Closed timmkroe closed 4 years ago
I see that this would fit into the "complete application" vision, but would lock everybody in a single implementation.
Whatever the approach I choose to add authentication and authorization, the vast majority of users that are not familiar with it would be left with two options:
On top of all that, I think security is a sensitive subject that should be left to the developer to weight risks, trade-offs and benefits between approaches.
Even though I don't plan on supporting it, I may write a tutorial/guide on how to integrate this project with something like Auth0.
Is your feature request related to a problem? Please describe. The project is described as an application. An Application with just the view perspective on data isn't a real application in my eyes. There also should be a layer to work with the data including Authentication. So not anybody can access certain pages. For example creating a new data entry or editing one. Maybe not every user should be allowed to do so.
Describe the solution you'd like A good approach would be OpenID Connect and OAuth2.0. This offers many possibilities since this type of auth is very common in a microservice architecture. Also you can integrate third party auth providers like google and co.
I found some implementations using React:
https://identityserver4.readthedocs.io/en/latest/intro/big_picture.html#the-big-picture
Edit It would be nice to use "Zustand" and "Immer" instead of Redux. It is more lightweigth and easier to use.