Allow custom verification token strategy

Question

Allow custom verification token strategy

Closed this issue 21 days ago · 1 comments

Is your feature request related to a problem? Please describe.
Currently, there is no way to apply custom behavior to verification token generation. For more details, refer to this Discord thread.

Describe the solution you'd like
The ability to define custom behavior for verification token generation. Examples include validation using a Redis cache with TTL, storing tokens in a database, using JWTs, and more.

Describe alternatives you've considered

Using patch-package to directly override Vendure’s source code, which is not an ideal approach.
Reassigning the generateVerificationToken and verifyVerificationToken methods of VerificationTokenGenerator, which feels inelegant and hacky.

Additional context
Allowing developers to define a custom VerificationTokenGenerator strategy would greatly benefit those needing custom behavior. The API should be simple and intuitive, similar to how the PasswordCipher works with passwordHashingStrategy to override the default hashing behavior.

A possible implementation could look like this:

// vendure config
authOptions: {
  verificationTokenStrategy: new CustomVerificationTokenStrategy()
}

Where the CustomVerificationTokenStrategy might be defined as:

class CustomVerificationTokenStrategy implements VerificationTokenStrategy {
  generateVerificationToken(ctx: RequestContext): Promise<string> | string;
  verifyVerificationToken(ctx: RequestContext, token: string): Promise<boolean> | boolean;
}

Answer 1 · 2024-12-24T16:42:10.000Z

I have opened a pr to address this issue #3294