Open zenlex opened 4 months ago
We considered implementing Auth.js on the front-end and a redis-based session store, but as you mentioned, at some point down the road we'll probably be managing plumbing between a number of different services and applications with various stacks.
RE: Your suggestion of Clerk, that's probably our best bet. It's build on top of Auth.js (they maintain the library now), and it comes with integrations for just about everything we might need. It's built on open source, so if we need anything they don't have we can do it. Plus, in my experience, they've always been quite responsive and quick to add requested features!
Yeah I think Clerk is a good choice at least to start with. Just need to figure out what user data we actually want to persist and where. Auth.js will use a database session if we want it to. Trying to think through where we might want to run a less secure but simpler and probably ok JWT flow vs if/where we'd want db sessions. Kinda hard to determine at this point without more high level discussions about some anticipated features/datasets. Like:
In the interest of following my own advice about not building stuff we don't need until we need it, here's where I'm thinking we'll start:
Use Clerk for Auth and Session management and User Profile management for front end (including role management/verification)
API gateway ingress will validate the JWT/Session from Clerk
I'm thinking I'll also add on to the gateway eventually:
This way we're managing microservice 'sessions' at the gateway level, and just tying them to users by getting the user from Clerk to give us the cache key instead of baking arbitrary microservice 'session' data into the user profile metadata.
To start I'll build in the routing part of that service but use clerk userprofile metadata for now to keep it simple, so services could read/write their own meta to a user profile, managed by the gateway.
Then if/when that gets unwieldy we can add the redis cache to move any microservices user meta out of clerk
The microservices shouldn't know anything about clerk directly essentially.
**Clerk user metadata is limited to 8kb
I made a picture of my word salad 😅 @helmturner this make sense with your previous clerk experience and the wild west microservices architecture we're trying to keep open? (I left the front end authed UI flows ambiguous at this point as I think what I'm working on should be agnostic of that)
LGTM, but when are you hoping to have this shipped? Are you trying for this by Tuesday?