Fork me on GitHub

Thanks again, @foo, for keeping things so flexible, while being very batteries-included; I'm sure it's something of a tightrope. Unfortunately, the auth plugin assumes :user/email, despite providing the option to change the transaction that it uses to create a user. My 'user' equivalent is 'author', and it's sprinkled throughout my codebase. I can work around it, and intended to write my own auth plugin anyway (I want to do invite-codes and support passwords). Will probably just change what I need in-situ for now, but if I see a clean way to provide the option in the current plugin, would you want a PR? I expect it's a very niche 'requirement' (I had a reason for them being separate at one time, but eventually merged them and favored the 'author' namespace because of how widely it's referred to, and my muscle-memory).

Jacob O'Bryant22:02:32

Ah yes, it does hardcode the :user/email attribute. I think an option for that would make sense; I'm thinking there could be a :biff.auth/get-user-id function with a default implementation of (fn [db email] (lookup-id db :user/email email)). A PR would be great.

👍 1

Regarding passwords, and forgive a slightly ‘off topic’ question… are traditional passwords considered a bad approach now? I mean, as opposed to emailed codes and so on. I suspect passwords are probably going to be deprecated in the future, in general, compared to other approaches.


I don't really have my finger on the pulse, but I use so many different devices that I prefer having a password. also, I'm hella old 😉

Jacob O'Bryant17:03:43

I'd like to add a how-to guide for firebase auth, which is similar to auth0 but free. I assume the how-to guide would still be useful for anyone who does want to use auth0. (Last I checked auth0 seemed surprisingly expensive -- maybe they're just hoping to get you hooked with the free plan, and then by the time you start paying you're already integrated?) For the sake of limiting scope I think I won't do any 3rd party integrations in the biff auth plugin, but if anyone wants to provide a community plugin that'd be cool. Though there might be much need--auth0 etc handles the main backend routes on their servers, so you just need some frontend code for the integration, and then add some backend code to validate the JWTs that come with each request.


If I can find tie I might try that the Auth0 free tier says 7000 which would more than cover my use cases — and Malcom Sparks demoed an Auth0 pluggin for Site which might be a guide

👌 1

I’m down for either firebase or auth0. However, +1 for firebase if it’s free. I can’t imagine having more than 7000 users, but boy would it suck to suddenly have to pay what is a considerable jump in price if I did exceed that. I can imagine a scenario where one gets front-paged on something and have a flood of users for that one-time-only-visit which could occupy a lot of the quota.

Jacob O'Bryant20:03:23

mm yes it sounds like a lot of users until you actually have that many


Actually, the limit to keep in mind with auth0 seems to be 10,000 when it jumps to $240 a month… yikes. It’s $23 at 7,000 users to 10,000 users.

Jacob O'Bryant21:03:47

looks like it's based on monthly active users. maybe it's not all that expensive actually, but eh. I don't even know what my MAUs are