dbAuth is here: host your own authentication, the old fashioned way

Good idea!

Should a loginHandler always have to be defined, or do you think loginHandler() is optional, and if you don’t define it, it falls back to the current behavior (returning the ID of the user that needs to be saved to the cookie)?

If you do define it, you can include any logic you want, you just need to make sure to return the user ID just like the default behavior? Maybe loginHandler() is passed the user record that matches the username/password, and then you can inspect that data (or even pull additional data from the DB if necessary) and determine whether to return the ID, or throw an error. You can then respond to that error in your LoginPage.

Created an issue: dbAuth: Add a `loginHandler` similar to the `signupHandler` · Issue #3064 · redwoodjs/redwood · GitHub

@rob Support jwt?

There’s no JWTs needed in this implementation—it relies on an encrypted cookie that stores the ID of the user that’s logged in. You get that ID in your getCurrentUser() function, so that you can look up the user however you want (similar to using the sub property of a JWT in other auth implementations).

1 Like
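
The encrypted-cookie session described in the reply above, sketched as an added example that is not part of the original thread and is not Redwood's own code. It assumes AES-256-GCM from Node's `crypto` module; `sealSession`, `openSession`, `SESSION_SECRET` and the `USERS` map are hypothetical names, and only `getCurrentUser` echoes the function named in the thread.

```javascript
// Added example: an encrypted, authenticated session cookie that carries only the user ID.
const crypto = require('node:crypto');

// Assumption: a real app loads a fixed 32-byte secret from configuration; constructed here.
const SESSION_SECRET = crypto.randomBytes(32);

// Constructed sample data standing in for the users table.
const USERS = new Map([[42, { id: 42, email: 'alice@example.test' }]]);

// Encrypt {id, exp} with AES-256-GCM. Cookie value = iv.tag.ciphertext (base64url).
function sealSession(userId, ttlSeconds = 3600, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce per cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', SESSION_SECRET, iv);
  const body = JSON.stringify({ id: userId, exp: now + ttlSeconds * 1000 });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url')).join('.');
}

// Returns the user ID, or null if the cookie is malformed, tampered with or expired.
function openSession(cookieValue, now = Date.now()) {
  try {
    const parts = String(cookieValue).split('.');
    if (parts.length !== 3) return null;
    const [iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64url'));
    if (iv.length !== 12 || tag.length !== 16) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', SESSION_SECRET, iv);
    decipher.setAuthTag(tag);
    // final() throws if the tag does not match, so a modified cookie never parses.
    const body = Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
    const { id, exp } = JSON.parse(body);
    return typeof exp === 'number' && exp > now ? id : null;
  } catch {
    return null; // authentication failure or invalid JSON
  }
}

// Same role as getCurrentUser() in the thread: the server maps the decrypted ID
// to a record, much like resolving the `sub` claim of a JWT.
function getCurrentUser(cookieValue) {
  const id = openSession(cookieValue);
  return id === null ? null : USERS.get(id) ?? null;
}
```

Because the cookie holds only an ID, revoking a user means changing the record that `getCurrentUser` looks up; the expiry inside the sealed payload limits how long a copied cookie stays valid.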

Gonna move my thoughts to that issue to keep this post lean!

1 Like