0.0.9 • Published 10 months ago

deepsight-auth-core v0.0.9

License
ISC
Last release
10 months ago

deepsight-auth-core

This is the core authentication library for deepsight. I made this library because I was tired of how complex and non-extensible Auth.js is. Don't get me wrong, Auth.js is a great library, but when implementing some specific use cases, especially when it comes to various apps connecting to a single auth server, Auth.js can get really messy and hard to work with.

This is my attempt at creating a simple, yet flexible authentication solution, so that developers can host their own secure auth server in minutes, and extend it as their needs grow.

Current state

This library is extremely early, and very much a work in progress. It is not even usable/complete at the moment, and it lacks 90% of the necessary features to even be considered production ready. However, I expect this to change in the near future.

How will this be better than Auth.js?

Great defaults

I am also inspired by Clerk, which is a very popular authentication solution for modern web apps. One of the things I like about Clerk is that they provide great defaults, which make it easy to get started, and very easy to use.

Of course, because Clerk is a completely external service/solution, we can't expect the same level of simplicity for configuring Deepsight Auth. However, we will still make it very easy to get started, so that setting up your own auth server is not that much different from using Clerk.

REST API

First of all, I want this library to expose a very simple REST API that makes it easy to develop clients for pretty much every platform. The Auth.js REST API is difficult to use from environments like React Native, because it relies on browser-specific behaviours to work.

Instead, this library (along with the dedicated server packages for your platform of choice) will provide a simple, yet flexible authentication solution, that can be used to authenticate users in a secure manner, from any platform.

A fully working API should be implementable by copy-pasting a single file. For instance, imagine a Next.js API route:

// /api/auth/[[...actions]]/route.ts
import { defineConfig } from "deepsight-auth-core";
import { MemoryDatabase } from "deepsight-auth-core/databases";
import { CredentialsProvider } from "deepsight-auth-core/providers";

import { createHandlers } from "deepsight-auth-next";

const config = defineConfig({
  endpoint: "/api/auth",
  secret: process.env.DEEPSIGHT_AUTH_SECRET,
  providers: [new CredentialsProvider()],
  database: new MemoryDatabase(),
});

export const { POST, GET } = createHandlers(config);

Client libraries

I also want to provide official client libraries for popular platforms and clients, such as Expo, React, Next.js, etc. This will make it easy to authenticate users on your own server, securely, and from any platform.

Extensible

Well-defined interfaces for things like Providers (like OAuth, email/password, etc.) and Databases (like MongoDB, Postgres, etc.) will make it easy to extend the library with your own custom implementations. First-party providers and databases will be available, facilitating development of common use cases, while also providing the flexibility to build custom solutions.

I also have some ideas for how to make some crazy custom flows possible, for example:

Imagine you want to store your users in some PostgreSQL database, but you want your JWT blacklist to be stored in Redis, since this is a much faster datastore. You should be able to define accessorFunctions, so that we can call your custom functions for specific things, like getFromBlacklist and addToBlacklist.

Example concept:

const config = defineConfig({
  endpoint: "/api/auth",
  secret: process.env.DEEPSIGHT_AUTH_SECRET,
  providers: [new CredentialsProvider()],
  database: new PostgreSQLAdapter({
    connectionString: process.env.DATABASE_URL,
    accessorFunctions: {
      // `redis` is assumed to be an already-connected node-redis client
      getFromBlacklist: async (jti: string) => {
        const result = await redis.get(jti);
        return result !== null;
      },
      addToBlacklist: async (jti: string) => {
        // The TTL must be at least the token's maximum lifetime
        await redis.set(jti, "true", { EX: 60 * 60 * 24 * 30 }); // 1 month
      },
    },
  }),
});

Patterns like this one will be possible, and will make it easy to extend the library when the default configurations no longer suit your needs.
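
The blacklist pattern above, worked end to end as an added example (not code from deepsight-auth-core, whose API is not usable yet). It keeps the getFromBlacklist / addToBlacklist names but gives them extra TTL and clock parameters, uses a constructed in-memory Map in place of Redis, and signToken, verifyToken and revokeToken are hypothetical helpers. It goes one step beyond the concept by revoking a token for its remaining lifetime instead of a fixed month.

```typescript
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";

type Claims = { sub: string; jti: string; exp: number }; // exp: seconds since epoch

const b64 = (s: string) => Buffer.from(s).toString("base64url");
const mac = (data: string, secret: string) =>
  createHmac("sha256", secret).update(data).digest("base64url");

// Constructed stand-in for Redis: jti -> time (seconds) at which the entry expires.
const denylist = new Map<string, number>();
const accessorFunctions = {
  addToBlacklist: (jti: string, ttlSeconds: number, now: number): void => {
    if (ttlSeconds > 0) denylist.set(jti, now + ttlSeconds);
  },
  getFromBlacklist: (jti: string, now: number): boolean =>
    (denylist.get(jti) ?? 0) > now,
};

function signToken(sub: string, lifetime: number, secret: string, now: number): string {
  const head = b64(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64(JSON.stringify({ sub, jti: randomUUID(), exp: now + lifetime }));
  return `${head}.${body}.${mac(`${head}.${body}`, secret)}`;
}

// Order matters: signature first, then expiry, then the denylist lookup.
function verifyToken(token: string, secret: string, now: number): Claims | null {
  const parts = token.split(".");
  const [head, body, sig] = parts;
  if (parts.length !== 3 || !head || !body || !sig) return null;
  const expected = Buffer.from(mac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString()) as Claims;
  if (claims.exp <= now) return null;
  try {
    if (accessorFunctions.getFromBlacklist(claims.jti, now)) return null;
  } catch {
    return null; // fail closed when the denylist store cannot be reached
  }
  return claims;
}

// Revoke for exactly the remaining lifetime so the entry cannot expire before the token.
function revokeToken(token: string, secret: string, now: number): boolean {
  const claims = verifyToken(token, secret, now);
  if (!claims) return false;
  accessorFunctions.addToBlacklist(claims.jti, claims.exp - now, now);
  return true;
}
```

With a real Redis client the two accessors become async, and the same remaining-lifetime value is what goes into the `EX` option.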

Underrated one, DOCS

This one will probably have to wait, unfortunately. But I do believe that good documentation is key to a library's success, so I will spend some time to write good documentation for this library, and I will also provide some examples and a guide on how to use the library.

Sold. How do I use it?

You don't. For now at least. The library is not even in a state where it can be used.

Okay, can I help then?

Sure! I'm always looking for help, and I'm grateful for any contributions. Just pick up any issue and open a PR, and I will be happy to review it.

License?

Still not decided, but will definitely be an open source license. Probably MIT.

Mirror

https://gitea.axelpadilla.me/adpadillar/deepsight-auth

0.0.9

10 months ago

0.0.8

10 months ago

0.0.7

10 months ago

0.0.6

10 months ago

0.0.5

10 months ago

0.0.4

10 months ago

0.0.3

10 months ago

0.0.2

10 months ago