monacoremo / postgrest-auth

Postgres extension for authentication in PostgREST
MIT License

How to handle or reference state in the extension (e.g. sessions and users) #1

Open monacoremo opened 4 years ago

monacoremo commented 4 years ago

I'm wondering: How can we integrate with existing 'user' tables that the users of our extension will have? If we track sessions within the extension, we would like to have a foreign key constraint on that table. Or, if we also leave the sessions table to the users of our extension, how can it be used by the functions that we define?

Does it have to be passed as a global setting?

How do other stateful extensions handle this?

steve-chavez commented 4 years ago

My idea was that this extension will serve as a template which other users can extend. So the focus shouldn't be on how to integrate with already existing schemas but having a basic users table that can be extended. Perhaps with pg inheritance, like:

CREATE TABLE my_users (
  my_attrs json
) INHERITS (pgrst_auth.users);
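As an added example (not code from the postgrest-auth repository or its authors) of what the inheritance layout above does and does not give you, the following SQL builds the template table, the inheriting `my_users` table and a sessions table with the foreign key the issue asks about, then checks what a helper function and the constraint each see. The `sessions` table, the `find_user` helper, the column names and the sample row are assumptions for the demonstration.

```sql
-- Added example, not code from postgrest-auth. Schema, column and helper
-- names beyond pgrst_auth.users / my_users are assumptions.
CREATE SCHEMA IF NOT EXISTS pgrst_auth;

-- Template table shipped by the extension. Column DEFAULTs and NOT NULL are
-- inherited by child tables; PRIMARY KEY and UNIQUE constraints are not.
CREATE TABLE pgrst_auth.users (
  id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),  -- gen_random_uuid(): PostgreSQL 13+
  email     text NOT NULL UNIQUE,
  pass_hash text NOT NULL
);

-- The extension user's own table, as proposed in the comment above.
CREATE TABLE my_users (
  my_attrs json
) INHERITS (pgrst_auth.users);

-- Session state with a foreign key to the template table (assumed layout).
CREATE TABLE pgrst_auth.sessions (
  token      text PRIMARY KEY,
  user_id    uuid NOT NULL REFERENCES pgrst_auth.users (id),
  expires_at timestamptz NOT NULL
);

-- A lookup helper written once, against the parent table only.
CREATE FUNCTION pgrst_auth.find_user(p_email text)
RETURNS SETOF pgrst_auth.users LANGUAGE sql STABLE AS $$
  SELECT u.* FROM pgrst_auth.users u WHERE u.email = p_email
$$;

-- Constructed sample data; 'placeholder-hash' stands in for a real password hash.
INSERT INTO my_users (email, pass_hash, my_attrs)
VALUES ('alice@example.com', 'placeholder-hash', '{"plan": "free"}');

-- 1. The helper does find the row: a query on a parent table includes the
--    rows of every child table unless it is written as FROM ONLY parent.
SELECT id, email FROM pgrst_auth.find_user('alice@example.com');
SELECT count(*) FROM ONLY pgrst_auth.users;   -- counts rows stored in the parent itself

-- 2. The foreign key does NOT see it: a FK constraint checks the referenced
--    table alone, never its children, so this session insert is rejected
--    with a foreign key violation even though find_user() returns the user.
INSERT INTO pgrst_auth.sessions (token, user_id, expires_at)
SELECT 'tok-1', id, now() + interval '1 hour'
  FROM my_users WHERE email = 'alice@example.com';

-- 3. UNIQUE (email) is not inherited either: a second my_users row with the
--    same e-mail is accepted, and find_user() then returns two rows.
INSERT INTO my_users (email, pass_hash, my_attrs)
VALUES ('alice@example.com', 'placeholder-hash', '{}');
SELECT count(*) FROM pgrst_auth.find_user('alice@example.com');
```

So inheritance answers the "which table do the helpers look at" question for reads, but it does not give the extension a foreign key or a cross-table uniqueness guarantee on the data users add to their child tables; any login or session logic built this way has to enforce those itself.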

monacoremo commented 4 years ago

It's a tricky question I think - e.g. with the inheritance model, how would our helper functions for logging in etc. know which tables they should look at? The users of the extension would likely have to recreate all functions themselves...

TimescaleDB identifies the table that it connects to with an OID: https://docs.timescale.com/latest/api#create_hypertable

Maybe this is a possible solution? We could provide functions like setup_session_auth(schema, user_table, ..., apischema) that sets up all the tables, views, functions and api endpoints?
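As an added example (not the project's own code) of the `setup_session_auth`-style approach suggested above, the following SQL takes the caller's existing user table as a `regclass`, in the spirit of TimescaleDB's `create_hypertable`, and creates the session table, a generated helper function and a small binding record around it. The `auth` schema, the `auth.config` table, the function and column names and the `app_users` sample table are all assumptions.

```sql
-- Added example, not code from postgrest-auth. Every name here is assumed.
CREATE SCHEMA IF NOT EXISTS auth;

-- Records which table and key column the auth schema was bound to, so any
-- later helper that must read the user table (e.g. a login function) can
-- build its query from this single row instead of a hard-coded name.
CREATE TABLE auth.config (
  singleton   boolean  PRIMARY KEY DEFAULT true CHECK (singleton),
  user_table  regclass NOT NULL,
  user_id_col name     NOT NULL
);

CREATE FUNCTION auth.setup_session_auth(p_user_table regclass,
                                        p_user_id_col name DEFAULT 'id')
RETURNS void LANGUAGE plpgsql AS $body$
DECLARE
  v_id_type text;
BEGIN
  -- Resolve the key column's type from the catalog so that
  -- auth.sessions.user_id matches it exactly (bigint, uuid, ...).
  SELECT format_type(a.atttypid, a.atttypmod)
    INTO v_id_type
    FROM pg_attribute a
   WHERE a.attrelid = p_user_table
     AND a.attname  = p_user_id_col
     AND a.attnum > 0 AND NOT a.attisdropped;
  IF v_id_type IS NULL THEN
    RAISE EXCEPTION 'column % does not exist on %', p_user_id_col, p_user_table;
  END IF;

  -- Dynamic DDL built only from catalog-derived values: the regclass renders
  -- as a correctly quoted, schema-qualified name (%s), the column name goes
  -- through %I, and the type text comes from format_type().
  EXECUTE format($sql$
    CREATE TABLE auth.sessions (
      token      text        PRIMARY KEY,
      user_id    %s          NOT NULL REFERENCES %s (%I) ON DELETE CASCADE,
      created_at timestamptz NOT NULL DEFAULT now(),
      expires_at timestamptz NOT NULL
    )$sql$, v_id_type, p_user_table, p_user_id_col);

  -- Helpers are generated at setup time as well, so their signatures carry
  -- the caller's key type instead of one chosen by the extension.
  EXECUTE format($sql$
    CREATE FUNCTION auth.session_user_id(p_token text) RETURNS %s
    LANGUAGE sql STABLE AS $f$
      SELECT s.user_id FROM auth.sessions s
       WHERE s.token = p_token AND s.expires_at > now()
    $f$
  $sql$, v_id_type);

  INSERT INTO auth.config (user_table, user_id_col)
  VALUES (p_user_table, p_user_id_col);
END
$body$;

-- Constructed sample: the caller's pre-existing user table with a bigint key.
CREATE TABLE app_users (
  id    bigint PRIMARY KEY,
  email text   NOT NULL UNIQUE
);
INSERT INTO app_users VALUES (1, 'alice@example.com');

-- Bind the auth schema to it; 'app_users' is resolved via search_path here.
SELECT auth.setup_session_auth('app_users');

INSERT INTO auth.sessions (token, user_id, expires_at)
VALUES ('tok-1', 1, now() + interval '1 hour');

SELECT auth.session_user_id('tok-1');    -- the bound user's id
SELECT auth.session_user_id('unknown');  -- NULL: no live session for that token

-- The foreign key now really protects session state: a session for an id
-- that is not in app_users is rejected with a foreign key violation.
INSERT INTO auth.sessions (token, user_id, expires_at)
VALUES ('tok-2', 999, now() + interval '1 hour');
```

Compared with the inheritance approach, the binding is explicit and the foreign key is enforced against the table the user actually stores accounts in; the cost is that anything needing the user table at runtime (credential checks at login, for example) has to either be generated at setup time, as `session_user_id` is here, or use `EXECUTE` with the name stored in `auth.config`.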

steve-chavez commented 4 years ago

I see the problem now. Then maybe we shouldn't make postgrest-auth a pg extension. The value is also not clear yet.

It'd be better to first integrate sessions with jwt in an auth schema and then point users to this repo on a how-to or tutorial.

monacoremo commented 4 years ago

Agree, an extension is not a good fit for now, we should start simple.

it'd be better to first integrate sessions with jwt in an auth schema

What do you have in mind? Would JWTs be an option next to email+password for the initial authentication? Integrating 2FA / OTP would be great also.

steve-chavez commented 4 years ago

For now I think integrating what we have would be good. Additions can come progressively.

The tutorial form of https://github.com/monacoremo/postgrest-sessions-example/ is great but I'd like to have a code-only version of sessions here.