pjnicolas
pjnicolas12mo ago

How would you implement basic auth session tokens with tRPC?

I'm building a hobby app which requires basic auth. I'm used to use express and express-session along a SQL database (for the user data) and Redis (for the session data) to achieve that very easily, but I'm interested in learning tRPC. My app is built in Next.js as a monorepo, and I would like to NOT implement JWT for authentication, just plain old session tokens. I'm thinking in implementing my own version on express-session for tRPC, but that sounds dangerous as I'm not that familiar with the technology or with backend code in general. What would you suggest to keep it simple? I don't want to rely on external services like auth0 or firebase, but keep everything in my own server. This is a hobby app and it's not going to have a lot of active users. Thanks!
6 Replies
Alex / KATT 🐱
Alex / KATT 🐱12mo ago
i use next-auth with db session only annoying part is that they, for unknown reason, don't allow user/password login with db sessions
pjnicolas
pjnicolas12mo ago
So what do you use if you can't use user/password login? I find that very weird since it's the simplest method of authentication
Alex / KATT 🐱
Alex / KATT 🐱12mo ago
oauth with different providers and magic link
ippo
ippo12mo ago
JWT is just bad for authentication and was never designed as an authentication tool. JWT is an authorization tool by design. (if you are interested I can give you tons and and tons of evidence, articles etc.) Here is a light read: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/ next-auth uses JWTs for its session strategy and as far as I know, there is not really a good and flexible cookie-session next.js alternative so what should you do? If you want to (and also should) use session cookies for authentication go with express-session. In that case you need a custom next.js server that you can easily setup. If you have that you can use all battle tested express modules and have your custom and extremely custom authentication and authorization logic that you can imagine. The other benefit is that you can use sockets easily in your nextjs/trpc app
Dani;
Dani;12mo ago
There is this new tool which is gaining popularity recently: https://github.com/pilcrowOnPaper/lucia
GitHub
GitHub - pilcrowOnPaper/lucia: Authentication, simple and clean
Authentication, simple and clean. Contribute to pilcrowOnPaper/lucia development by creating an account on GitHub.
Chris Jayden
Chris Jayden12mo ago
Lucia is awesome. Started as a SvelteKit lib a long time ago. Came a long way