Optimal Authentication Approach for a NestJS, GraphQL, and Vue.js SaaS Application
Question
We are in the process of developing a SaaS application with an offline-first approach. Our technology stack comprises NestJS (Node.js), GraphQL, and Vue.js (Single Page Application). We're currently grappling with an authentication conundrum that has been a roadblock in our progress.
We initially tried implementing Keycloak, but it seemed that we spent more time configuring new providers than actually making progress on our application. We've considered Firebase, but due to our startup constraints and budget limitations, we find it unsuitable at this time.
Our application is designed to support multiple authentication providers including Google, Facebook, and OTP email verification. This functionality has been implemented using Passport and NestJS modules. As it stands, we're utilizing JWT for both authentication and refresh tokens, which required us to manually implement the mechanics for token refresh on our UI after rewriting the axios-auth-refresh library.
In the light of our experiences and the current technology landscape, we're seeking advice on the best approach to implement authentication in our scenario. Is the OIDC approach the recommended standard today, or would continuing with a JWT-based token system suffice?
We welcome any guidance or suggestions regarding current best practices for authentication in a similar tech stack.
Thank you in advance for your assistance.
Answer 1
Score: 1
The JWT token authentication and auth/refresh token approach worked well for our SaaS application. While we explored various authentication options, we found that the JWT-based system provided the simplicity and flexibility we needed for our tech stack, which includes NestJS, GraphQL, and Vue.js in an offline-first context.
To implement this, we had to develop some custom logic, but we used axios-auth-refresh as a helpful boilerplate for handling token refresh. This allowed us to efficiently manage token expiration and maintain user sessions within our Vue.js SPA. The final result can be seen in Revosheets.