Add firebase auth

[arnard76]

Task

• 385 > alternative to uni aws cognito

Solution

Authentication in Firebase is similar to AWS Cognito but I noticed some differences so I chucked them below.

https://github.com/uoa-compsci399-s1-2024/capstone-project-2024-s1-team-15/assets/78939786/1b0a72f1-1e11-4382-82b7-4bde089b3d38

Firebase Authentication

• No (client or team) credit card required for 'spark' plan: https://firebase.google.com/pricing

• it can handle up to 50k users a month and it will be a problem for client or future developers if that limit is reached

  

  differences between Firebase Authentication & AWS Cognito:

  1. firebase auth can only use email & password for authentication whereas aws cognito can use username & password (+ email for resetting password). This customization is not available in firebase (i checked 🥲)
  2. by default firebase confirmation email has a link rather than a code.
     • maybe an improvement because the user won't have to copy and paste anything.
     • However, it requires frontend code changes to authentication flow (See Below)
  3. forgot password email has a link instead of code as well.

Code changes

Backend

• added firebase/auth to services/services.ts
• haven't removed aws cognito so easy to change back if this PR is merged
• to handle difference 1. above:
  • refactored auth.controller.ts
  • refactored validation/input.types.ts

Frontend

• to handle difference 2. above: SignUpForm.tsx: after creating an account, user now sees a message - 'confirmation email has been sent`
  • to handle difference 3. above forgot-password/page.tsx: after sending themselves reset password email, user doesn't see a confirmation code input anymore. And the way they reset their password is with the link in email which goes to (auth)/firebase-actions/page.tsx

Alternative solutions

AWS Cognito (but not university's)

this would mean we don't need to refactor the changes above 😀

however AWS seems to require a payment source so would have to discuss how that works. ideally, it shouldn't be a source that has any money otherwise our code might accidently spend it 😇

Auth0

free plan is a great alternative: https://auth0.com/pricing

no credit card either

looks like it supports username/password (+ email) like AWS cognito so less refactoring changes than firebase solution 🙂

any more ideas ?? 💡💡

[arnard76]

Drafted in case clients want to keep the site live