support other oauth providers #1
Comments
cdepillabout
added
enhancement
|
It would be better to handle supporting Facebook as an independent issue. |
|
You're right, I added a new issue #20 about adding Facebook OAuth. I will change the milestone of this to "after MVP". |
|
It would be great to handle non-social providers such as auth0 and firebase. |
|
Thank you, @alexanderkjeldaas. I've never heard of auth0. It is interesting! Do you have any concrete use cases that indicate why Goat Guardian should support it instead of just using auth0 directly? |
|
I don't think there's much competition actually. I've used both, but I'd prefer something like Goat Guardian. auth0 has the lock library, but I don't think they have something like this. What I think they do have is, if you're missing the auth header, you can redirect through their site and back, but that's ugly and changes the URL to some auth0 url. Both firebase and auth0 can do email registration, so in that sense they have similar behavior. Still, I've been looking for something like Goat Guardian as I think it's a clean separation of concerns, and it doesn't redirect away from the site. What's good about firebase and auth0 is that there is a web-based UI where you can manage your users, enable/disable users etc. This is a very convenient way to make services stateless - the user database is handled by someone else. For firebase at least, there is a small JSON data structure that can be fetched with some account information. That could store the subscription level for example. Having access to that as a header would be great. I think the social login in auth0 and firebase mostly work if you re-use their login screen or their SDK, but then there's no separation of concerns like with this proxy and Haskell support is non-existent. |
|
Thanks for explanation, but what I actually want to know in this time is not whether auth0/firebase can be an alternative to Goat Guardian. The core question I want to ask is |
|
@arowM sorry for the late answer! The answer is NO. But auth0/firebase should be supported because of all the non social use-cases. It's when I want to make my own site with my own user management without running a database. That's when I want firebase for example. |
|
What do you mean by "non-social use-cases"? |
|
With non-social use-cases I mean login that does not use a social network. If you login but you don't use your social network account. My goal is to be able to manage accounts for my product without using any social network login method. Also my goal is to not manage any local database. |
|
Thanks!
It's too abstract to understand what you mean, but if believing the definition and your goal, why not using email authentication flow of Goat Guardian and using firebase in upstream server? It's strange to require Goat Guardian to support firebase/auth0 as a login method as you say. |
This means I need to keep state
|
|
I do not think so. |
It would be nice to support other OAuth providers. I'm not sure if we want to do this for the MVP, but eventually we should add it.
Currently we support logging-in via Twitter, but here are a few services that seem to be popular as well:
There is also a separate issue for supporting Facebook oauth login at #20. Supporting Facebook OAuth is higher priority than the services above.
The text was updated successfully, but these errors were encountered: