New blog about about authentication and a preview example app

[Carl-Johan Blomqvist]

Hi everybody!

I have lately been trying to implement authentication into the Directory example app in the derby-example module. I wrote a topic about the not finished support for sessions and I'm glad to say Nate and Brian have done some progress (websockets are now supported and seems to work fine). Unfortunately I stumbled upon a lot of bugs when doing the authentication version of the Directory example app so I decided hold it off for a bit. However, I know a lot of people have been waiting on it so I put up whatever I had done so far (basically a full, but very very simple, implementation of authentication) on my GitHub account and wrote a blog post about it on blog: http://cjblomqvist.com/blog/derby-authentication-part-1/23

I'm also happy to say that I, by request, have added RSS to my blog. Feel free to add it to your RSS reader and spread the word around! I also wrote a short entry about Michael Nelson's blog post and screencast (that way you'll be able to find everything regarding Derby gathered in one place).

As always, let me know if you have any feedback or questions!

[Morten Henriksen]

Thank you, I tried making a test myself, being newbee to nodejs/derby I stopped at sessions thinking that I might just wait for a bit of doc instead of reading racerjs source. Auth is the missing link for making some serious applications with derby. Users expect their data always available and secure, despite sharing/going offline - derby and meteor are well on their way.

I find my self hitting refresh every 10th minute on git, waiting for 0.3.13, well aware Nate and Brian gotta sleep :)

[Richard Schulte]

Excititing!  This looks very promising.

I had an idea - what if we could build on this built-in solution with a derby-passport module, using http://passportjs.org/guide/authenticate.html ? 

This way, folks could still design their own custom auth solution by extending this approach, or just use us the npm module as a drop-in approach to extending the coming built-in auth via 0.3.13?

We would be glad to help with your work, and then build on it with derby-passport, as we have multiple projects coming up that will require a wide array of authentication solutions.

Also, I wanted to mention that I really appreciate the forethought of built-in access control.  This is gonna be loads of fun!

Does derby-passport sound like a good idea?  Again, I wanted to stress that we are all about ensuring derby has a solid built-in auth capability, and we are just looking to extend it with Passport.  

If you think this is a bad idea, please let me know!  After investigating, it seems that socket.io really changes the game for authentication, thus express-oriented solutions might not be the best way to go about it.

If not, we could always do something fancy with an npm module called something like 'derby-auth'.  Once you get a general session handling and auth down with an auth module (i.e. passport, everyauth), it seems that extending it with different authentication strategies becomes an afterthought!  It would be good to, as soon as possible, offer a self-hosted Oauth strategy, as well as the basics: Facebook, Twitter, Github, Google, local, etc.

Richard

[Carl-Johan Blomqvist]

The way it's setup right now, I believe it should be fairly trivial to implement passportjs (although I have never before checked it out). More likely, however, is that Nate/Brian (the guys behind Derby) will implement a way to easily hook in EveryAuth ( http://everyauth.com/ ) since Brian is the creator of it.

Once derby/racer support is better, I'll first finish my example app and then if I find time I'll try to see what I can do. Regardless, I definitely agree something general (like passportjs or similar) would be great to have!

[Richard Schulte]

I hadn't noticed that Brian was the creator of Everyauth!  In that case, we can throw passport integration out the window as an everyauth-based solution will likely be way better and more intelligently available.  Derby-everyauth it is!

We will be glad to help with a solid auth example/solution and contributing to derby in general for this, as we are looking to get started on some of these projects very soon.  We actually already began with working on implementing auth using the directory application ourselves!   Derby will be a very exciting project to contribute to!  

Also, Brian told me to keep the discussion going here: https://github.com/codeparty/derby/issues/47

And we should probably contribute to the documentation here: https://github.com/codeparty/racer/blob/master/src/accessControl/README.md

But yes, there are a few blocking issues between derby and racer to be ironed out, such as the ability to reference the session object in templates that you mentioned in your blog post.  I will see if we can help with testing and tackling the blocking issues to keep things moving forward!