You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Problem Statement
It's time to decide on using an authentication library. Prior to setting up the monorepo, we have used Next-auth, which is now becoming Auth.js starting on version 5. This ADR aims to highlight the benefits of using the Lucia authentication library instead of Auth.js.
Comparisons
Concern
Description
Stability 🌉
Many features of Auth.js are experimental. This is problematic since updating to the latest versions will take more hours away from our team, and these experimental implementations may very much be unstable. It is not a solid bet to take on authentication and security. On the other hand, Lucia is newer, but not experimental, and less likely to have major changes.
Framework agnostic 🕸️
Auth.js states to be framework agnostic with its framework integrations. These integrations build on top of @auth/core, which is experimental. I would argue the claim otherwise, because the only framework integrations with stable releases are for Next.js (though v5 is in beta) and Qwik. Everything else is in experimental mode, or has stale PRs like the one for Remix! Meanwhile, Lucia auth works for any framework natively, and allows us to add as much abstraction as we would like, starting from however low level we would like.
Database authentication 🪪
Though implemented in v5 (beta), session authentication is not possible on Next-Auth v4. My assumption for this is because it's not easy to do session authentication on Vercel's Edge functions, which Next-Auth is most often coupled with. Lucia auth allows for both session and token based authentication.
*Other comparisons like developer experience, security, and more were not made as they were similar with both authentication libraries.
Solution Summary
Solution
Implement basic authentication with at least one OAuth provider (Google/GitHub) in #94 as a @cuhacking/auth library using Lucia.
Other options considered
N/A
The text was updated successfully, but these errors were encountered:
JeremyFriesenGitHub
changed the title
[ADR]: Use Lucia library for authentication instead of Auth.js
[ADR]: use Lucia library for authentication instead of Auth.js
Sep 19, 2024
There is a new authentication tool asides from lucia known as Logto.io. Would it meet the requirements as to what you're looking for?(stability wise)
@rayhaanfarooq Hey Rayhaan! That's actually a really cool open source IAM platform. We merged in Lucia recently, it's great for our purpose and easy to add on to it. But because it's only used by the API library, it's easy to rip out and change to another solution
After looking at it, using Logto would mean less setup for us in the future & less points of failures. You are more than welcome to make an ADR on this (similar to this one) to mention how it would fit our use case better than Lucia auth, and if you feel like it, take ownership of that issue. Again, it's super easy to rip out Lucia Auth
Problem Statement
It's time to decide on using an authentication library. Prior to setting up the monorepo, we have used Next-auth, which is now becoming Auth.js starting on version 5. This ADR aims to highlight the benefits of using the Lucia authentication library instead of Auth.js.
Comparisons
@auth/core
, which is experimental. I would argue the claim otherwise, because the only framework integrations with stable releases are for Next.js (though v5 is in beta) and Qwik. Everything else is in experimental mode, or has stale PRs like the one for Remix! Meanwhile, Lucia auth works for any framework natively, and allows us to add as much abstraction as we would like, starting from however low level we would like.*Other comparisons like developer experience, security, and more were not made as they were similar with both authentication libraries.
Solution Summary
Solution
Implement basic authentication with at least one OAuth provider (Google/GitHub) in #94 as a
@cuhacking/auth
library using Lucia.Other options considered
N/A
The text was updated successfully, but these errors were encountered: