DEV Community 👩‍đŸ’ģ👨‍đŸ’ģ

DEV Community 👩‍đŸ’ģ👨‍đŸ’ģ is a community of 970,177 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
Alex Sopinka
Alex Sopinka

Posted on

Days 1 and 2 - Auth

It wasn't so bad the past couple of days. A stable core product means I can stay head down in some code. And I definitely needed the focus.

Being a startup, we've moved fast and cut a couple corners here and there over the years. Nothing critical, just not the cleanest code in some places... and of course, that will eventually come back to bite you in the ass.

After the past couple of days, my ass looks like hamburger meat. I've been bitten a lot. Some key findings:

  • hardcoded dependencies on Slack being the OAuth provider
  • assumptions that we'd have Slack or a similar workplace messaging tool as the initial authentication for new users (with a "team"-like structure)
  • duplicate code copy/pasted in multiple places

Obviously some of the fixes were easy, like the copy/pasted code. Just a little refactoring there. The hardcoded dependencies and assumptions were a little trickier, and required some changes up and down the stack from front-end to database.

I'm happy to say we've got the Google OAuth implemented and working, intertwined with all the setup steps we take for new Slack users.

Sign in with Google

With the groundwork now set for multiple auth providers, I feel better when inevitably we need to add another "Sign in with XYZ Service".

Random pro-tip: if you're manually setting cookies to store something temporary, make sure you mark HttpOnly and Secure to true.

Latest comments (0)

🌚 Friends don't let friends browse without dark mode.

Sorry, it's true.