sveltejs / sapper-template

Starter template for Sapper apps

Add example on authentication #37

Closed vladejs closed 4 years ago

vladejs commented 6 years ago

How can authentication be achieved? Is there a best practice?

I think the best way is to integrate with ooth.

Crisfole commented 6 years ago

Currently under discussion here: https://github.com/sveltejs/sapper/issues/178

vladejs commented 5 years ago

I'm reopening this since I haven't found a concrete best practice to authenticate on Sapper > 0.27.1 with Svelte 3.

nielsvandermolen commented 5 years ago

Here is a specific example using express-session and the Sapper session store which can be useful for other people struggling with authentication in Sapper.

https://www.nielsvandermolen.com/authentication-example-svelte-sapper/

thismatters commented 4 years ago

I think the original question "Is there a best practice?" is still open. The linked article shows a method, but ought that to be the de facto choice for handling auth tokens?

I would be curious to see an example of using localStorage for a token and/or reasons why localStorage would be a poor choice. Likewise for cookies.

Edit: while putting in a good-faith effort to provide an example using localStorage I realized that it is probably a flawed approach given that localStorage isn't available to the server thus rendering preload somewhat useless.

Niels, does your method (using RedisStore) allow the session to survive a refresh? After following the RealWorld example (I didn't want to stand up a redis instance or add it to my stack, if possible) the session seems to be lost upon refresh.

Crisfole commented 4 years ago

@thismatters the details of how to store auth tokens are contentious and a matter of personal preference, which is why no best practice is offered. In the case of sapper you almost certainly will want to store a cookie. It's the only way to push back data on every request: this means your initial request that gets SSR and each subsequent request for api level stuff.

But other than that you've got options. I like JWT tokens; you might want to just encrypt the user ID and send it back.

antony commented 4 years ago

Closing as this will end up on the society site at some point as a Recipe.

Right now you have at least two concrete examples (that are in production use) - Auth with JWT and a custom backend:

https://github.com/antony/sapper-authentication-demo

And an OAuth tutorial

https://enzy.org/blog/integrating-auth0-with-sapper

It's not something that is likely to end up in this template, however.

roelandxyz commented 4 years ago

Would be nice if there was a simple sapper example with passport and without a separate backend. (Edit: I found a possible solution here: https://stackoverflow.com/a/58659092)