jonasmerlin
jonasmerlin16mo ago

How are people handling authorization?

I noticed that with V10, any mentions of trpc-shield are gone from the documentation. Also, it only has 200 stars on GH, which is not that much when compared to tRPC itself. So I would be interested in how you're are handling authorization when using tRPC?
8 Replies
Nick
Nick16mo ago
Home-rolled tRPC middleware It’s only around 20-30 lines of code because you probably have some verifier library for whatever auth method you’re using, so you just grab the header and verify it, then attach the middleware to a baseProcedure and use it Throw a TRPCError with appropriate code on failure of course
jonasmerlin
jonasmerlin16mo ago
Hey, thanks for your answer! Can you maybe go into a bit more detail on this? Or do you maybe even have an example?
Nick
Nick16mo ago
There’s not much detail to go into. Take a look at the middleware docs for that piece. What are you using for auth?
jonasmerlin
jonasmerlin16mo ago
Right now, I'm using NextAuth
Nick
Nick16mo ago
Isn’t that just an an adapter for other providers? Are you using some other provider or something baked into Next?
jonasmerlin
jonasmerlin16mo ago
I haven't settled on providers yet but I'm aiming for a mix of a few in addition to providing mail/password probably Discord, Github, Google In addition to mail/password and mayybe magic links
Nick
Nick16mo ago
Got it There may be a way to keep using next auth, I’m aware a lot of people integrate tRPC and next quite tightly but I have no experience with it personally For social providers I guess you are looking at more of a auth framework. But either way you might not find a mature trpc integration just yet and be best to use the lower level APIs to implement it I’ve used tools like Azure b2c and Okta which often do have social auth support too, and they’ll give you just a simple verifier library like I mentioned originally
isaac_way
isaac_way16mo ago
If you’ve just started on your app, maybe consider using create-t3-app to generate you project. It sets up next auth for you