[ADR]: use Lucia library for authentication instead of Auth.js #111

Closed
JowiAoun opened this issue Sep 16, 2024 · 2 comments · Fixed by #113

@JowiAoun
Collaborator

Problem Statement
It's time to decide on using an authentication library. Prior to setting up the monorepo, we have used Next-auth, which is now becoming Auth.js starting on version 5. This ADR aims to highlight the benefits of using the Lucia authentication library instead of Auth.js.

Comparisons

| Concern | Description |
| --- | --- |
| Stability 🌉 | Many features of Auth.js are experimental. This is problematic since updating to the latest versions will take more hours away from our team, and these experimental implementations may very much be unstable. It is not a solid bet to take on authentication and security. On the other hand, Lucia is newer, but not experimental, and less likely to have major changes. |
| Framework agnostic 🕸️ | Auth.js states to be framework agnostic with its framework integrations. These integrations build on top of @auth/core, which is experimental. I would argue the claim otherwise, because the only framework integrations with stable releases are for Next.js (though v5 is in beta) and Qwik. Everything else is in experimental mode, or has stale PRs like the one for Remix! Meanwhile, Lucia auth works for any framework natively, and allows us to add as much abstraction as we would like, starting from however low level we would like. |
| Database authentication 🪪 | Though implemented in v5 (beta), session authentication is not possible on Next-Auth v4. My assumption for this is because it's not easy to do session authentication on Vercel's Edge functions, which Next-Auth is most often coupled with. Lucia auth allows for both session and token based authentication. |

*Other comparisons like developer experience, security, and more were not made as they were similar with both authentication libraries.

Solution Summary

Solution
Implement basic authentication with at least one OAuth provider (Google/GitHub) in #94 as a @cuhacking/auth library using Lucia.

Other options considered
N/A

@JowiAoun JowiAoun self-assigned this Sep 16, 2024
@JeremyFriesenGitHub JeremyFriesenGitHub changed the title [ADR]: Use Lucia library for authentication instead of Auth.js [ADR]: use Lucia library for authentication instead of Auth.js Sep 19, 2024
@rayhaanfarooq

There is a new authentication tool aside from Lucia known as Logto.io. Would it meet the requirements as to what you're looking for? (stability-wise)

@JowiAoun JowiAoun linked a pull request Oct 5, 2024 that will close this issue
@JowiAoun
Collaborator Author

JowiAoun commented Oct 5, 2024

> There is a new authentication tool aside from Lucia known as Logto.io. Would it meet the requirements as to what you're looking for? (stability-wise)

@rayhaanfarooq Hey Rayhaan! That's actually a really cool open source IAM platform. We merged in Lucia recently; it's great for our purpose and easy to add on to. But because it's only used by the API library, it's easy to rip out and change to another solution.

After looking at it, using Logto would mean less setup for us in the future and fewer points of failure. You are more than welcome to make an ADR on this (similar to this one) to mention how it would fit our use case better than Lucia auth, and if you feel like it, take ownership of that issue. Again, it's super easy to rip out Lucia Auth.

Thanks for bringing this up 😃

@JowiAoun JowiAoun closed this as completed Oct 5, 2024
Projects
Status: ✅ Done