dev programming backend question 

Hey guys, I started doing more backend development at work, and so far so good. But today, I was attempting to implement authentication and I am struggling a bit, so asking for a bit of advice here.

Context: We want to use an external authentication service to not have to handle this ourselves, and we have a relational database on a different platform. Backend code is running on cloud functions.

Basically, I want to implement passwordless sign-in, but I want to provide access to the different applications only if accounts were created for these people with the appropriate role.

At first, I was thinking I should implement custom authentication using the service to “block” anyone without any account, but 1. I would have to manually send emails because the service doesn't offer to block that, which defeats the purpose of the 3rd party auth and 2. I read online that you should differentiate authentication and authorisation. Is that right?

Because of that, my attempt #1 was to create/update/delete “empty” users (= without a role) when they authenticate, and then authorise/block on requests. Feels like it could work, but it fucks up my database schema.

I have been thinking, and came up with #2: not creating users at all unless they are specifically created to be given access, and authorise only if a user was found associated with that id. On first auth, I could update the user in DB to store the id.

I feel like #2 is better as there are fewer “gotchas” and I don't have to change my DB schema, but I don't know if it's right/clean/etc. Do you guys have any thoughts or opinions on this? Apologies if it's shite, just trying y'know

Feel like I already spent too much time on this, I feel stupid… but I have no idea if this is the “right” way to do things


boosts appreciated if you want to give me a hand but don't have the knowledge for it :blobheartraccoon:

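Approach #2 from the thread, sketched as an added example that is not part of the original posts: authentication stays with the external service, and the backend authorises only pre-provisioned users, binding the provider's id on first sign-in. The table layout, the `make_db` and `authorise` names, and the OIDC-style claim names (`sub`, `email`, `email_verified`) are assumptions.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the relational DB (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        email   TEXT PRIMARY KEY,
        role    TEXT NOT NULL,
        auth_id TEXT UNIQUE          -- NULL until the first sign-in
    )""")
    # An admin pre-provisions the account; no row means no access.
    db.execute("INSERT INTO users (email, role) VALUES ('alice@example.com', 'admin')")
    db.commit()
    return db

def authorise(db, claims, required_role):
    """Authorisation step. `claims` must come from a token whose signature the
    backend has already verified (authentication). Returns the user's email
    when access is allowed, otherwise None."""
    sub = claims["sub"]
    row = db.execute(
        "SELECT email, role FROM users WHERE auth_id = ?", (sub,)).fetchone()
    if row is None:
        # First sign-in: bind the provider id to a pre-provisioned account.
        # Only trust the email if the provider says it verified it.
        if not claims.get("email_verified"):
            return None
        email = claims.get("email", "").lower()
        # "auth_id IS NULL" makes the binding one-time: a second identity
        # presenting the same email cannot take over a claimed account.
        cur = db.execute(
            "UPDATE users SET auth_id = ? WHERE email = ? AND auth_id IS NULL",
            (sub, email))
        db.commit()
        if cur.rowcount != 1:
            return None              # unknown email or account already bound
        row = db.execute(
            "SELECT email, role FROM users WHERE auth_id = ?", (sub,)).fetchone()
    email, role = row
    return email if role == required_role else None
```

Unknown sign-ins never create a row, so the schema keeps only users who were deliberately given access.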

@kingarmand
Maybe you should have tagged your posts to reach more developers.
