Research authentication options for web2 login experience
ryanchristo opened this issue · comments
Is your feature request related to a problem? Please describe.
Research authentication options for web2 login experience given the following requirements and questions.
Requirements:
- email and password login
- social login options
- multi-factor authentication options
Qestions:
- What is the opt-out story? i.e. export, self-custody, etc.
- #2074
- What is the cost of scaling users? How much do we pay per user with X users?
Describe the solution you'd like
An authentication service that meets the above requirements and scales without unnecessary costs.
Describe alternatives you've considered (optional)
TBD
Additional context (optional)
TBD
For Admin Use
- Not duplicate issue
- Appropriate labels and zenhub epics applied
- Appropriate contributors tagged
Hey team! Please add your planning poker estimate with Zenhub @ryanchristo @blushi @flagrede @wgwz
Not to sound like a broken record but I believe we shouldn't be closed off "to rolling our own" as well.
The current auth system utilizes passportjs which by design is meant to function with many different auth providers.
For example:
- Google: https://www.passportjs.org/packages/passport-google-oauth20/
- Twitter: https://www.passportjs.org/packages/passport-twitter/
- Facebook: https://www.passportjs.org/packages/passport-facebook/
- Linkedin: https://www.passportjs.org/packages/passport-linkedin-oauth2/
- Magic links: https://www.passportjs.org/packages/passport-magic-login/
- TOTP (mfa): https://www.passportjs.org/packages/passport-totp/
What about MFA @wgwz ? With text yubikey or authenticator app? Update: Looks like you posted one solution but how well will it work?
I'm going to close this out as completed. We are now moving forward with a custom setup that leverages passport.
Artifacts from our comparison of authentication services:
- https://www.notion.so/regennetwork/Authentication-Assessment-dfe3dbc420c04017b952e2250bd7ab78
- https://www.notion.so/regennetwork/c9f4870d0f1341409e86b102b459e6d4?v=fd921c732f754388bf5370867bcd01f8
An initial set of follow up issue have been created for next steps: