Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add firebase auth #386

Open
wants to merge 11 commits into
base: dev
Choose a base branch
from
Open

Add firebase auth #386

wants to merge 11 commits into from

Conversation

arnard76
Copy link
Contributor

@arnard76 arnard76 commented Jun 23, 2024
edited
Loading

Task

Solution

Authentication in Firebase is similar to AWS Cognito but I noticed some differences so I chucked them below.

Firebase.Auth.-.Manual.Test.Passed.-.Copy.mp4

Firebase Authentication

  • No (client or team) credit card required for 'spark' plan: https://firebase.google.com/pricing
  • it can handle up to 50k users a month
    and it will be a problem for client or future developers if that limit is reached

    Screenshot 2024-06-23 204001

differences between Firebase Authentication & AWS Cognito:

  1. firebase auth can only use email & password for authentication whereas aws cognito can use username & password (+ email for resetting password). This customization is not available in firebase (i checked 🥲)
  2. by default firebase confirmation email has a link rather than a code.
    account email verification email
    • maybe an improvement because the user won't have to copy and paste anything.
    • However, it requires frontend code changes to authentication flow (See Below)
  3. forgot password email has a link instead of code as well.

Code changes

Backend

  • added firebase/auth to services/services.ts
  • haven't removed aws cognito so easy to change back if this PR is merged
  • to handle difference 1. above:
    • refactored auth.controller.ts
    • refactored validation/input.types.ts

Frontend

  • to handle difference 2. above:
    SignUpForm.tsx: after creating an account, user now sees a message - 'confirmation email has been sent`
  • to handle difference 3. above
    forgot-password/page.tsx: after sending themselves reset password email, user doesn't see a confirmation code input anymore. And the way they reset their password is with the link in email which goes to (auth)/firebase-actions/page.tsx

Alternative solutions

AWS Cognito (but not university's)

this would mean we don't need to refactor the changes above 😀

however AWS seems to require a payment source so would have to discuss how that works.
ideally, it shouldn't be a source that has any money otherwise our code might accidently spend it 😇

Auth0

free plan is a great alternative: https://auth0.com/pricing

no credit card either

looks like it supports username/password (+ email) like AWS cognito so less refactoring changes than firebase solution 🙂

any more ideas ?? 💡💡

@arnard76 arnard76 self-assigned this Jun 23, 2024
@arnard76 arnard76 added project: global a project-wide issue project: frontend an issue in the frontend app project: backend an issue in the backend app type: security an issue that involves security labels Jun 23, 2024
@arnard76
Copy link
Contributor Author

Drafted in case clients want to keep the site live

@arnard76 arnard76 changed the base branch from main to dev June 23, 2024 12:36
@arnard76 arnard76 requested review from HuzzNZ and removed request for HuzzNZ July 8, 2024 02:20
@arnard76 arnard76 marked this pull request as ready for review July 9, 2024 00:04
@arnard76 arnard76 changed the title Draft: Add firebase auth Add firebase auth Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HuzzNZ HuzzNZ Awaiting requested review from HuzzNZ

@sharukyen sharukyen Awaiting requested review from sharukyen

@saamuelkim saamuelkim Awaiting requested review from saamuelkim

@Gautham-27 Gautham-27 Awaiting requested review from Gautham-27

@junjunjun1 junjunjun1 Awaiting requested review from junjunjun1

Assignees

@arnard76 arnard76

Labels
project: backend an issue in the backend app project: frontend an issue in the frontend app project: global a project-wide issue type: security an issue that involves security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arnard76 @HuzzNZ