Web Authentication Arms Race
It is now known as konfederation.
- Register authenticjs.org.
- Create a static site with documentation and examples.
- It should provide a set of routes for authentication (login, logout, 3rd party auth, etc).
- It should NOT dictate how a user is stored.
- Instead, we should provide an API that lets one define how a user is stored so that this system can be adaptable to other people's requirements.
- It should facilitate a workflow for forgotten passwords.
- It should facilitate a registration workflow.
- It should provide a system for federated authentication (so many sites can share the same users). This is for empire builders.
- LiveScript should not be a runtime dependency.
- It should NOT provide any authorization primitives. That's out of scope for this library.
We're using LiveScript, but many of the same challenges apply.
Storage Agnosticism through Abstraction
I don't care what database you use.
All I care about is that you can provide me with functions that conform to an API I define for accessing user information.
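One way such a storage contract could look, as an added example in plain JavaScript (not code from this project): the library checks that the caller's adapter supplies the required functions and keeps password hashing and verification on its own side. The names `createAuth`, `findUserByName`, `createUser` and `memoryStore`, and the choice of scrypt, are assumptions made for illustration.

```javascript
// Added example: hypothetical storage-adapter contract, not the project's real API.
const crypto = require('node:crypto');

const REQUIRED = ['findUserByName', 'createUser']; // assumed adapter functions

// Salted scrypt hash stored as "saltHex:keyHex" (assumed storage format).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const expected = Buffer.from(keyHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// Verifying against a dummy hash keeps the unknown-user path doing the same scrypt work.
const DUMMY_HASH = hashPassword('dummy');

function createAuth(store) {
  // Reject a non-conforming adapter at start-up, not on the first login attempt.
  for (const name of REQUIRED) {
    if (typeof store[name] !== 'function') {
      throw new TypeError(`storage adapter is missing ${name}()`);
    }
  }
  return {
    async register(username, password) {
      if (await store.findUserByName(username)) return { ok: false, reason: 'exists' };
      await store.createUser({ username, passwordHash: hashPassword(password) });
      return { ok: true };
    },
    async login(username, password) {
      const user = await store.findUserByName(username);
      const valid = verifyPassword(password, user ? user.passwordHash : DUMMY_HASH);
      // Same response for "no such user" and "wrong password".
      return user && valid ? { ok: true, username: user.username } : { ok: false };
    },
  };
}

// Constructed in-memory adapter; a SQL or document store would supply the same two functions.
function memoryStore() {
  const users = new Map();
  return {
    findUserByName: async (name) => users.get(name) || null,
    createUser: async (user) => { users.set(user.username, user); },
  };
}
```

The adapter only ever sees the hash string, so swapping databases does not change how credentials are checked.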