-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add more auth options to the CLI #1593
Comments
This sounds interesting. I wonder if that is in the plan for this tool. I would love to do this if it something that is planned and no takers. |
We are considering adding Clerk and/or Lucia but still nothing definite. |
I really like Lucia for auth, can I make a PR that adds it as an option? |
I read on an old issue that there were plans for "add on" plugin for auth, can you provide examples or idea of how we should implement it |
cc @c-ehrlich @nexxeln what'ya think? |
I thought that one big ethos of t3-oss was to honor the last part of the name... -oss. Although, I see that if we still have the option to choose open-source alternatives, then technically it is still honoring that |
id be up for it. but @ronanru maybe first make an example repo(s) for what output apps would look like - to keep it small, maybe /pages + prisma and /app + drizzle. gives us something to look at / talk about with less initial effort. |
Made a quick output example. |
Waiting on Auth.js to drop so we have a Expo/Next.js connector merged to it - and finally have a React Native/React connector ! |
What about Supertokens? It's similar to Clerk but has a self-hosted option. |
As a follow on to what @RobSchilderr said, we can also offer users the choice of adding different types of auth to their app:
This choice can be from the CLI itself, and the generated app has the relevant config already setup for their chosen auth method (and in case users are not sure which method they want, we can just default to email password). Regardless of SuperTokens being added, I think allowing users to pick a specific auth method will be cool. |
I personally don't see why this would be a necessary addition to the CLI tool - NextAuth, Lucia, etc. all provide fairly straightforward ways to customize the providers (email, oauth, etc.) that you can use as they are, so having a choice in the CLI tool saves very little time and bloats the code of create-t3-app. Additionally, you can usually use more than one at once, and that increases the complexity further of integrating that into the CLI. IMO good examples and documentation are better in this case than more CLI options. Separately, providing "dev credentials" for oauth isn't really feasible, since oauth requires you to setup your app by the providers, and even if it was feasible, it would be pretty insecure. oauth is really strong because it's really easy to use to sign in with real accounts, so dev credentials can just be whatever provider you use (github, discord, etc.). |
Yup, however, it's just one less friction point for users to get what they want. In order to customise these solutions, users would need to dive into the docs of these auth providers, which can be annoying. But I understand that it will make the CLI code a bit more complex.
There is a way to make it work for any domain by introducing a proxy domain in the middle. This IS a security issue indeed, which is why we should somehow enforce that these credentials are only used for dev builds. Again, the aim here is to get people started as quickly as possible. |
we are definitely never adding credentials auth. if someone wants to implement it in their app, that's on them. the effort of reading one page in the next-auth docs is tiny compared to the actual work that is required to make something that is secure and fits the greater needs of their project. having it as a CLI options is leading people down a dangerous path. our goal is to give you a next-auth implementation that is integrated with Next, tRPC, Drizzle/Prisma, etc, but not tell you what your entire auth setup should look like. the reason for the discord provider is that it requires the least amount of work to get from zero to something, but almost nobody will keep using discord for auth when they build a real app. users having to swap it out is a feature, not an oversight. |
I dont think anyone on the core team has tried that and we're only adding stuff we're comfortable to recommend to others so it's currently Clerk and NextAuth, maybe Lucia |
I would like to +1 Lucia here, since it seems to fit well within T3, specifically because it is similar to NextAuth/Auth.js in that it runs within Next.js - a notable difference between it and something like Clerk, Supertokens, etc. Adding Clerk or a different hosted auth provider seems like it would overcomplicate things, because the end-user/developer would have to go set it up and get API keys for the hosted service in addition to getting the Client ID and secret for their OAuth provider(s) of choice before they can run the dev script and get going. |
Won't that be true for any auth solution (including nextauth)? Unless of course, the generated app uses oauth credentials that relies on a proxy domain. |
Well yeah you always need a client ID and secret no matter what oauth solution you use, but my point was that NextAuth/Lucia dont need any other API keys or anything since they are not external to Next.js. |
I would like a clerk add on. (I have never tried Lucia) I just finished adding clerk to a T3 project (trpc, typescript, prisma, tailwind) and it was not trivial (for me at least) to get everything to work. And by work I mean working auth in both client and server side components when using trpc queries. |
Hey everyone, We have decided not to pursue adding Lucia auth as we believe it's too similar to next-auth (especially with v5 around the corner and it's auth.js port). Will keep this issue open until we've made a definitive answer on adding clerk or not. |
@cfarvidson I am also having a difficult time integrating clerk into the unique t3 trpc setup. Any way you would post the main parts of the deployment? |
Is there interest in adding other auth providers like SuperTokens? |
@RobertHH-IS there's an example project by @perkinsjr for integrating clerk into t3 trpc here. It's based on the pages router, but still helpful. I would also like to +1 adding clerk auth to create-t3-app. I think most people using t3 are opting for next-auth or clerk, and getting clerk to play nicely with trpc is a little painful. For anyone interested in this in the meantime, clerk provides documentation for pages router integration here. EDIT: I've created a sample repo here if you need help setting up clerk. Note that you need to create a clerk app first and add the publishable and secret keys to your .env. |
Here are my thoughts: Many users of create-t3 are focused on quickly shipping and iterating on their projects. A challenge emerges, for example, when a project scales and there's a shift towards developing a React Native application. At this point, next-auth proves to be incompatible with React Native. Introducing support for alternatives like Lucia, and possibly Clerk (despite it not being open-source), could offer a seamless transition. This strategy would prevent users from having to undertake extensive refactoring when they decide to expand their projects. |
This statement is just not true. next-auth supports react native auth in the exact same way as lucia does |
@juliusmarminge You are right, I knew about |
I am willing to try and implement lucia in ct3a as it is at the moment, would that be allowed to merge if it is up to the standards? |
|
I am definitely in favor of this. Next-auth just never does quite everything necessary. The non-beta version doesn't do refresh tokens and doesn't work well with keycloak, and the newer iteration looks promising but its still very much early stages. Clerk on the other hand seems more robust |
@juliusmarminge would a PR adding a Clerk option be welcome? |
Clerk is so incredibly easy to set up, that I don't really see a reason for this. |
Hey @juliusmarminge! I just watched the last Theo video talking about this. Instead of Clerk, I would like to propose a new managed auth: stack-auth. It is as easy to set up as Clerk, and... it is fully open sourced. You can even host it yourself. I just migrated my project from next-auth to stack-auth, and it has been great! Now I can support email/password authentication, and have a separate sign-in/sign-up page! Clerk is obviously ahead in terms of functionality and/or documentation, but in my opinion the clouse-source nature of it doesn't fit the t3 stack well. And stack-auth is advancing quickly and we can even contribute it to make it better still! BTW, it is also backed by the creator of next.js, Guillermo Rauch |
You can have separate sign in/up pages with auth js/next-auth. Not saying it's good, but it isn't a "missing feature" |
Really really appreciate if we can get Clerk as an auth option in Create-T3-App!!!! Some of the options mentioned here are not reasonable, but I think integration Clerk (and possibly Lucia) is a good option that will save devs hours. |
Lucia will not be supported any longer: lucia-auth/lucia#1714 |
Is your feature request related to a problem? Please describe.
I noticed that we only use nextAuth or choose none to start with no auth, then either add an auth service manually or develop without auth.
Describe the solution you'd like to see
Add clerk to auth option as a start just like drizzle was added to the ORM list to quickly setup clerk using the CLI instead of manual setup.
Describe alternate solutions
.
Additional information
Maybe later add other auth method besides clerk and nextAuth but for now this one the ones I see been used often, so I wanted to know if this is a desirable feature to add to the CLI.
The text was updated successfully, but these errors were encountered: