Core authentication library for DeepSight
npm install deepsight-auth-core
deepsight-auth-core
This is the core authentication library for deepsight. I made this library
because I was tired of how complex and non-extensible Auth.js is. Don't get
me wrong, Auth.js is a great library, but implementing some specific use cases,
especially when it comes to various apps connecting to a single auth server,
Auth.js can get really messy and hard to work with.
This is my attempt at creating a simple, yet flexible authentication solution,
so that developers can host their own secure auth server in minutes, and
extend it as their needs grow.
This library is extremely early, and very much a work in progress. It is not even
usable/complete at the moment, and it lacks 90% of necessary features to be even
considered production ready. However, I expect this to change in the near future.
I am also inspired by Clerk, which is a very popular authentication solution for
modern web apps. One of the things I like about Clerk, is that they provide
great defaults, which make it easy to get started, and very easy to use.
Of course, because Clerk is a completely external service/solution, we can't
expect the same level of simplicity for configuring Deepsight Auth, however,
we will still make it very easy to get started, so that it's not that much of a
difference to set up your own auth server, compared to using Clerk.
First of all, I want this library to expose a very simple REST API, that can make it
easy to develop clients for pretty much every platform. Auth.js REST API is difficult
to use from environments like React Native, because it relies on browser-specific
behaviours to work.
Instead, this library (along with the dedicated server packages for your
platform of choice) will provide a simple, yet flexible authentication solution,
that can be used to authenticate users in a secure manner, from any platform.
A fully working API could be implemented by copy-pasting a single file, for
instance, imagine a Next.js API route:
```ts
// /api/auth/[[...actions]]/route.ts
import { defineConfig } from "deepsight-auth-core";
import { MemoryDatabase } from "deepsight-auth-core/databases";
import { CredentialsProvider } from "deepsight-auth-core/providers";
import { createHandlers } from "deepsight-auth-next";

const config = defineConfig({
  endpoint: "/api/auth",
  // Secret is read from the environment, never hard-coded in the route file
  secret: process.env.DEEPSIGHT_AUTH_SECRET,
  providers: [new CredentialsProvider()],
  database: new MemoryDatabase(),
});

export const { POST, GET } = createHandlers(config);
```
I also want to provide official client libraries for popular platforms and clients,
such as expo, react, nextjs, etc. This will make it easy to authenticate users
on your own server, securely, and from any platform.
Well defined interfaces for things like Providers (like OAuth, email/password, etc),
and Databases (like MongoDB, Postgres, etc), will make it easy to extend the library
with your own custom implementations. First party providers and databases will be
available, facilitating development of common use cases, while also providing the
flexibility to build custom solutions.
I also have some ideas for how to make some crazy custom flows possible. For example,
imagine you want to store your users in some PostgreSQL database, but you want your
JWT blacklist to be stored in Redis, since this is a much faster datastore. You should
be able to define accessorFunctions, so that we can call your custom functions for
specific things, like getFromBlacklist and addToBlacklist.
Example concept:
```ts
// `redis` is assumed to be an already-connected Redis client in scope
const config = defineConfig({
  endpoint: "/api/auth",
  secret: process.env.DEEPSIGHT_AUTH_SECRET,
  providers: [new CredentialsProvider()],
  database: new PostgreSQLAdapter({
    connectionString: process.env.DATABASE_URL,
    accessorFunctions: {
      // A JWT counts as blacklisted while a key for its jti exists in Redis
      getFromBlacklist: async (jti: string) => {
        const result = await redis.get(jti);
        return result ? true : false;
      },
      // The key expires on its own after the TTL given in seconds
      addToBlacklist: async (jti: string) => {
        await redis.set(jti, "true", { EX: 60 * 60 * 24 * 30 }); // 1 month
      },
    },
  }),
});
```
Patterns like this one will be possible, and will make it easy to extend the library when
the default configurations no longer suit your needs.
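The blacklist accessors from the concept above, as an added example (not code from deepsight-auth-core): an in-memory stand-in for Redis that keeps the page's `getFromBlacklist` and `addToBlacklist` names and shows that an entry TTL shorter than the token lifetime lets a revoked token pass again. `createMemoryBlacklist`, `checkToken` and `revokeThenCheck` are hypothetical names, and the jti and timestamps are constructed sample values.

```typescript
type Claims = { jti: string; exp: number }; // exp: seconds since epoch (JWT convention)
type Clock = () => number; // returns the current time in seconds since epoch

// Same two accessor names as the concept above, backed by a Map instead of Redis.
function createMemoryBlacklist(ttlSeconds: number, now: Clock) {
  const expiresAt = new Map<string, number>();
  return {
    getFromBlacklist: async (jti: string): Promise<boolean> => {
      const until = expiresAt.get(jti);
      if (until === undefined) return false;
      if (until <= now()) {
        expiresAt.delete(jti); // emulates the Redis EX expiry
        return false;
      }
      return true;
    },
    addToBlacklist: async (jti: string): Promise<void> => {
      expiresAt.set(jti, now() + ttlSeconds);
    },
  };
}

type Verdict = "ok" | "expired" | "revoked";

// Runs after the token signature has been verified (verification not shown).
async function checkToken(
  claims: Claims,
  blacklist: { getFromBlacklist(jti: string): Promise<boolean> },
  now: Clock,
): Promise<Verdict> {
  if (claims.exp <= now()) return "expired";
  return (await blacklist.getFromBlacklist(claims.jti)) ? "revoked" : "ok";
}

// Constructed scenario: check, revoke, check again, then check after `elapsed` seconds.
async function revokeThenCheck(tokenLifetime: number, blacklistTtl: number, elapsed: number): Promise<Verdict[]> {
  let t = 1700000000; // constructed start time
  const now: Clock = () => t;
  const blacklist = createMemoryBlacklist(blacklistTtl, now);
  const claims: Claims = { jti: "constructed-jti-1", exp: t + tokenLifetime };
  const before = await checkToken(claims, blacklist, now);
  await blacklist.addToBlacklist(claims.jti);
  const afterRevoke = await checkToken(claims, blacklist, now);
  t += elapsed; // advance the injected clock
  return [before, afterRevoke, await checkToken(claims, blacklist, now)];
}
```

With a 7200-second token and a 3600-second blacklist TTL, the third verdict comes back as `ok`, which is why the TTL has to cover the longest token lifetime the server issues.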
This one will probably have to wait, unfortunately. But I do believe that good documentation
is key to a library's success, so I will spend some time to write good documentation for this
library, and I will also provide some examples and a guide on how to use the library.
You don't. For now at least. The library is not even in a state where it can be used.
Sure! I'm always looking for help, and I'm grateful for any contributions. Just pick up any issue
and open a PR, and I will be happy to review it.
Still not decided, but will definitely be an open source license. Probably MIT.
https://gitea.axelpadilla.me/adpadillar/deepsight-auth