In the past, whenever I have to implement authentication in a web application, I have always chosen to use a service provider such as Auth0 or Clerk. They make it easy to add authentication to my app with ease. However, in the recent project, I am working with a team and will have to interact with the backend, including storing user information in the database. Moreover, we will not be the only ones working on the project. So I have to factor in the cost of using a third-party service provider and the flexibility of using a custom solution or adapting to the backend team's solution. With that in mind, I discovered Auth.js(previously known as NextAuth.js), a library that makes it easy to add authentication to Next.js applications.
Despite it is used by many developers and has a lot of tutorials available, I found it challenging due to its lack of support for credential login. Which means I need to find a way to secure the credential login. At first, I tried to use Auth0, but its free tier does not support external databases. Then I experimented with saving and authenticating a user's password in our database, but I find it's not the most secure way to do it. Finally, I decided to go with Firebase, since we can store the user entity in Firestore, and authenticate the user with Firebase Authentication. It was challenging since I had to figure out how Auth.js works and manage data in the database. And I have to make sure it aligns with other login methods, such as OAuth and Magic Link. Furthermore, to add another layer of security, I decided to add the email verification process.
During the process of implementation, I researched a lot about authentication strategy and technology. It gives me a better understanding of how to secure an application. I also learned the difference between managing sessions with cookies or databases. It was a lot harder than just using a third-party service provider, but it was a great learning experience. I can now confidently suggest different practices based on the needs of the project. Other than that, I also learned how to work with a team when it comes to often changes and cooperation. I have to make sure that my implementation is flexible and can be easily integrated with other parts of the project.
Overall, I am now more comfortable with unexpected challenges and build a custom solution to better suit the project's needs. I am also more confident in working with a team and managing the project. It was a great learning experience and I am looking forward to working on more projects like this.