1

I want to offer my users password-based authentication but also the possibility to log in with Oauth providers. I've looked into the Next-Auth adapters to get a reference for creating the schema and I'm also aware that there's an OpenSource package that adapts the createAuth method for Oauth, but it seems that the solutions provided force me to pick one of the those two.

I'm not sure how to approach this with Keystone. Should I, for example, create a Client list in the form of:

const Client = list({
  fields: {
    name: text({validation: {isRequired: true}}),
    email: text({
      validation: {isRequired: true},
      isIndexed: 'unique',
      isFilterable: true,
    }),
    password: password(),
    oauthProvider: text()
  }
})

that represent the clients of my app, and then a User for Admins in the form of:

const User = list({
  fields: {
    name: text({validation: {isRequired: true}}),
    email: text({
      validation: {isRequired: true},
      isIndexed: 'unique',
      isFilterable: true,
    }),
    password: password({validation: {isRequired: true}}),
  }
})

the latter being the one used as a listKey for the createAuth function?

I've also thought of generating random passwords for users that Sign In with Oauth, but It feels like a liability from the security standpoint.

Alejandro Rodriguez P.
  • 778
  • 5
  • 7

1 Answers1

0

I'm not sure I understand the problem. You should just be able to set isRequired: false for the password field, add whatever other fields you need to store for Oauth then use one or the other.

There's no need to generate random/placeholder passwords; the Password field stores bcrypt hashes so blank/missing values will never be matched. Ie. storing null in the password field will prevent that user from authenticating with a password, it doesn't let people authenticate by submitting a blank string or anything like that.

Does that help?

Molomby
  • 5,859
  • 2
  • 34
  • 27