Where is the Passport.js implementation?

[tylervick]

Hey there, love this project!

I was wondering if there were plans to re-implement Passport.js after it was removed in #109 after converting to TypeScript.

Currently there doesn't appear to be an auth mechanism implemented by default, while there are still many references to the user object.

[koistya]

@tylervick if you need just commonly used authentication methods - email/password, phone, magic link, Google / Facebook / Apple, then you may not need Passport.js. You can take advantage of a 3rd party authentication provider such as Firebase Auth, yet store user accounts inside of the application database.

In the case with Firebase Auth, you would add a trigger for [Sign In] button looking somewhat like this:

mutation SignInMutation($idToken: String!) {
  signIn(idToken: $idToken) {
    me {
      id
      email
      displayName
    }
  }
}

const history = useHistory();
const [signIn] = useMutation(signInMutation);

async function handleSignIn() {
  const provider = new firebase.auth.GoogleAuthProvider();
  provider.addScope("email");
  provider.addScope("profile");

  // Open sign in dialog and get Firebase ID token
  const { user } = await firebase.auth().signInWithPopup(provider);
  const idToken = await user.getIdToken();

  // Sign in into the API using that token and reload the page
  signIn({
    variables: { idToken },
    onCompleted() {
      history.replace(history.location);
    }
  });
}

signIn, signOut mutations can be found in api/mutations/auth.ts.
And the actual implementation is located in an auth middleware for Express api/auth.ts.