It's 2024 and implementing web auth still sucks

Captain's Log: Stardate 78017.3

I told myself I was going to take the day off from work today, but then I wanted to just finish one tiny little thing on the website auth... and here I am 6 hours later with auth kind of working.

I am sad to see that the state of web auth libraries is basically the same as it was 12 years ago, the last time I set up auth for a website. In fact in some ways it was more of a PITA this time, because the next-auth.js folks are up on their high horse about not using credentialed (email/password) logins, and trying to get everyone to just use oath2 providers. Which is a super annoying position, because when I run into a website that only does oath2, I leave. So clearly there's at least 1 user out there that hates this.

Anyway, because of their moral stance, the next-auth.js folks seem to have actively tried to make credentialed auth difficult, and the docs are terrible. But it is all still possible, obviously, and finally I've figured out how it is supposed to work. I now have a MongoDB instance running with basic user registration / login, though granted the visual style is atrocious at the moment.

But auth is probably the biggest hurdle to having product registration, so this is good progress. Now it's just a matter of creating the APIs and db tables for product registration, and then creating the simple UI to manage license activations (e.g. delete the license on your old windows laptop that exploded so you can install on a new one). This should go pretty quickly, I think.


© 2024 Anukari LLC, All Rights Reserved
Contact Us|Legal