Change password / forgot password should actually be implemented within this issue and not in #36.
This issue should also handle the sign in, register and logout.
Auth operations will be based on the session logic, not JWT, because it is much simpler and more secure. I'll probably use Redis for the session storage; however, it is not yet decided.
I'll store only the user id in Redis, and the client will receive only the session id, keeping overhead to a minimum. Expiry length for each session is still not decided.
After searching for implementations of session-based login with NestJS, I found that there is currently an issue related to cache management within Nest. Basically, Nest cache solutions do not work with the newest version of Redis.
Because of that, and the huge amount of information on JWT, I will actually implement the auth flow using JWT. This may be refactored in the future, but it is not certain. Both authentication methods have their own pros and cons.
The biggest issue with JWT is expiring a token after its security has been compromised. However, taking into account that most users do not know what JWT is, the information within ArtiSync will not be anything super essential and the likelihood of this drawback actually affecting someone being really small, I've decided to implement the JWT auth.
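The trade-off discussed in this thread, as an added example that is not part of the issue or the ArtiSync code base: a server-side session that stores only the user id is revoked the moment it is deleted, while a signed JWT stays valid until `exp` unless the server keeps a denylist of token ids. The `Map` standing in for Redis, the hand-written HS256 helpers, and all names (`SessionStore`, `signJwt`, `verifyJwt`, `revokedJti`) are assumptions made for illustration.

```javascript
"use strict";
const crypto = require("node:crypto");

// Server-side sessions: a Map stands in for Redis here (assumption).
class SessionStore {
  constructor() { this.sessions = new Map(); } // sid -> { userId, expiresAt }
  create(userId, ttlSec, now) {
    const sid = crypto.randomBytes(32).toString("base64url"); // opaque, unguessable id
    this.sessions.set(sid, { userId, expiresAt: now + ttlSec });
    return sid; // the only value the client ever receives
  }
  resolve(sid, now) {
    const s = this.sessions.get(sid);
    if (!s || s.expiresAt <= now) { this.sessions.delete(sid); return null; }
    return s.userId;
  }
  destroy(sid) { this.sessions.delete(sid); } // logout or compromise: invalid at once
}

// JWT (HS256) written out by hand so every check is visible.
const b64 = (v) => Buffer.from(v).toString("base64url");
const mac = (data, key) => crypto.createHmac("sha256", key).update(data).digest();

function signJwt(claims, key) {
  const body = b64(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." + b64(JSON.stringify(claims));
  return body + "." + mac(body, key).toString("base64url");
}

// Returns the claims, or null if the token is malformed, forged, expired or revoked.
function verifyJwt(token, key, now, revokedJti = new Set()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], "base64url");
  const expected = mac(parts[0] + "." + parts[1], key);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch { return null; }
  if (header.alg !== "HS256") return null; // accept only the algorithm the server signs with
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  if (revokedJti.has(claims.jti)) return null; // revocation needs server-side state again
  return claims;
}
```

Without the `revokedJti` lookup, the only way to bound the lifetime of a leaked token is a short `exp`; with it, the JWT path needs the same kind of shared store the session design would have used.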