Update ADR001_AUTHENTICATION.md
JTrenerry authored Jun 2, 2024
1 parent 3e23dbe commit ed860b7
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions model/adrs/ADR001_AUTHENTICATION.md
Expand Up @@ -6,14 +6,20 @@ Implementing user authentication for actions on post, patch, edit (anything that

## Options

- No user authentication
- No user authentication or in house security
- User authentication
- Auth0
- OAuth2
- NextAuth.js

We picked auth0 as it is a well known and trusted service that is easy to implement and is well tested. Auth0 also has a terraform provider which allows us to integrate it into our IAC for easy deployments/ teardowns.
Using no auth or in house auth vs Auth0
| Pros | Cons |
|----|----|
| Personalised security and easy to change the way it encrypts or stores data (in house) | Time efficent with no added risk |
| Major security risk and makes the site vulenerable (no auth) | Allows for a safer website by encrypting user information |

## Outcome

Users are authenticated using Auth0. Managed through terraform for easy deployment and teardowns. Cannot run e2e tests on workflow because we do not have permissions in our repository to manage secrets for auth0. This meant that e2e tests can only be run locally.
We picked Auth0 as it is a well known and trusted service that is easy to implement and is well tested. Auth0 also has a terraform provider which allows us to integrate it into our IAC for easy deployments/ teardowns. Users are authenticated using Auth0. Managed through terraform for easy deployment and teardowns.

Cannot run e2e tests on workflow because we do not have permissions in our repository to manage secrets for auth0. This meant that e2e tests can only be run locally.
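
Review bot: The Pros/Cons headers on the new comparison table do not match the cells beneath them. In the row starting "| Major security risk and makes the site vulenerable (no auth) |", a drawback of having no auth sits under Pros, and both cells under Cons ("Time efficent with no added risk", "Allows for a safer website by encrypting user information") read as advantages of Auth0. The columns seem to mean "no auth / in house" versus "Auth0", so either rename the headers to those two options or give each option its own pros and cons rows. While editing the table, fix "efficent" and "vulenerable", and say what "encrypting user information" covers, since the ADR otherwise gives no detail on how credentials or tokens are protected. The Options list still names OAuth2 and NextAuth.js, but the comparison and the Outcome never say why they were rejected; one line each would make the decision traceable. In Outcome, "Users are authenticated using Auth0. Managed through terraform for easy deployment and teardowns." repeats the sentence before it and can be dropped. The e2e limitation is worth recording as a consequence of the decision: with the Auth0 secrets unavailable to the workflow, the authenticated paths are not exercised in CI, so note who runs the local e2e suite and when.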
