pjnicolas
pjnicolas13mo ago

How would you implement basic auth session tokens with tRPC?

I'm building a hobby app which requires basic auth. I'm used to use express and express-session along a SQL database (for the user data) and Redis (for the session data) to achieve that very easily, but I'm interested in learning tRPC. My app is built in Next.js as a monorepo, and I would like to NOT implement JWT for authentication, just plain old session tokens. I'm thinking in implementing my own version on express-session for tRPC, but that sounds dangerous as I'm not that familiar with the technology or with backend code in general. What would you suggest to keep it simple? I don't want to rely on external services like auth0 or firebase, but keep everything in my own server. This is a hobby app and it's not going to have a lot of active users. Thanks!
6 Replies
Alex / KATT 🐱
Alex / KATT 🐱13mo ago
i use next-auth with db session only annoying part is that they, for unknown reason, don't allow user/password login with db sessions
pjnicolas
pjnicolas13mo ago
So what do you use if you can't use user/password login? I find that very weird since it's the simplest method of authentication
Alex / KATT 🐱
Alex / KATT 🐱13mo ago
oauth with different providers and magic link
ippo
ippo13mo ago
JWT is just bad for authentication and was never designed as an authentication tool. JWT is an authorization tool by design. (if you are interested I can give you tons and and tons of evidence, articles etc.) Here is a light read: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/ next-auth uses JWTs for its session strategy and as far as I know, there is not really a good and flexible cookie-session next.js alternative so what should you do? If you want to (and also should) use session cookies for authentication go with express-session. In that case you need a custom next.js server that you can easily setup. If you have that you can use all battle tested express modules and have your custom and extremely custom authentication and authorization logic that you can imagine. The other benefit is that you can use sockets easily in your nextjs/trpc app
Dani;
Dani;13mo ago
There is this new tool which is gaining popularity recently: https://github.com/pilcrowOnPaper/lucia
GitHub
GitHub - pilcrowOnPaper/lucia: Authentication, simple and clean
Authentication, simple and clean. Contribute to pilcrowOnPaper/lucia development by creating an account on GitHub.
Chris Jayden
Chris Jayden13mo ago
Lucia is awesome. Started as a SvelteKit lib a long time ago. Came a long way
More Posts
Example for tRPC, stable version, with RSCHi This may be a stupid question... The readme of the experimental example mentions > Note You Dynamic return typeIs there any way to have dynamic return type with tRPC? Simple example: If I provide x: true on boSometimes invalidate not work...hello sometimes invalidate method does not work in `onSuccess` anyone same? using NextJS, pnpmtrpc client request size limits?I am sending a pretty sizable request and am seeing ``` [TRPCClientError: JSON Parse error: UnexpecMake tRPC return Bad Request on Zod validation error?As the title says, how can I make tRPC return a proper error message, like a Bad Request, when thereUsing proxyClient in vercel edge functionHey guys, i want to call my trpc apis inside vercel edge functions. Edge runtime does not have all cookies not being set in procedureThis is all the code for setting my cookie ```js import { publicProcedure, router, userProcedure } fuseSubscription simplified with react queryHi Guys, looking for a way to simplify the use of useSubscription. Currently I do the following: 1Next.js app router catch-all HTTP methodsThe app router already supports the catch-all file for route resolution, but AFAIK still expects sepTRPC Vanilla Client (T3 stack)I'm using the T3 stack (Next + TRPC + etc) and I'm trying to figure out how to do vanilla queries th