Add more detail to Credentials provider. #8482
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
|
|
@anthonyshew is attempting to deploy a commit to the authjs Team on Vercel. A member of the Team first needs to authorize it. |
anthonyshew
commented
Sep 4, 2023
|
|
||
| You can also use the `jwt()` callback to interact with your database to regain some of the functionality from [more powerful providers](reference/core/providers): | ||
|
|
||
| ```js |
There was a problem hiding this comment.
Would love some help on this pseudo-code!
There was a problem hiding this comment.
All this could live in the authorize() callback.
There was a problem hiding this comment.
Ah, right. Switched it up now. Does this make more sense? Anything you'd add/subtract/adjust?
There was a problem hiding this comment.
We can assume that updating jwt token in callbacks has been fixed?
balazsorban44
approved these changes
Sep 5, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After speaking with the Auth.js maintainers about a change to the Credentials provider documentation, I'm opening this PR to introduce additional information about:
While Auth.js does prefer to encourage use of other providers, the username-password model is (despite its flaws) still widely used today. Over time, I know I've personally seen a handful of users ask about the discouragement of the Credentials provider and express discontent with the way it is documented.
With this PR, I'm hoping to (slightly) close the gap on the community's understanding of the Credentials provider. While we can still (in my opinion, properly) discourage use of the username-password model, we can still bring in the understanding that some folks are going to want to opt to take on those risks, anyway.
Please note
The psuedo-code that I've added in for interacting with a database is most likely wrong at the time of this PRs authorship. I've never used the Credentials provider myself but am aware that the maintainers have seen successful implementations that communicate with a database. Hoping I can get some maintainer help to document that code correctly!