Betrayy
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
I saw another approach where you would check if there's currently a session, and then you can assume that the user is trying to manually link another provider
EDIT: I'll probably do this approach
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Hey, if you've implemented manual account linking through Next Auth, I'm curious how you differentiate between a regular sign in and an account linking?
I was thinking maybe pass in an additional parameter to the
signIn function, with something like {isAccountLink: true}. This supposedly would set it as query param, which I could parse in the sign in callback.
Haven't tried it yet, but I'm curious if you went with better or different approach?31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
After verification of course
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
If the user with email exists, link the provider to it and return the user. Otherwise, make a new user and link the provider to it, return new user
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Yeah in the v2 link, that is essentially what I think I'll do
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Ty, I'll take a look!
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
If it's not verified, I'll cancel the flow and result in some error
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Yeah I'll go purely based off the email address, and you're absolutely right that it could be insecure to completely trust it.
However, to my understanding, some providers (not all!) do either require that users must verify their email first or they provide a boolean flag that tells me if the email is verified or not.
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
I think if they happen to login with a different provider, but it is with an existing email address you could link it thenYeah from the above discussion, that is what Jon also suggested to do, so I'll do that.
More complicated if they are completely separate emails from different providers thoughIn this case, I'll likely just make a new account if they are attempting to sign in/up with it
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Technically, in this entire flow, the processing would happen twice (both in NextAuth and then in my external backend), but I can't help that I don't think. Better to be secure than not
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Yep I am using NextAuth! in the
signIn callback, this is where I can retrieve the corresponding token and make the API call31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
I am thinking of sending the corresponding token from the oauth provider to the backend so that I can verify it first. For example, if it's Google, I believe the id token is what you can use to verify and extract the user info
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Right yep, after a complete authorization flow in the frontend, I would make an API call to my backend, which is where I would handle account linking
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Also one more thing, I may also want to allow users to manually link their account to another provider, which doesn't necessarily need to have the same email.
How do you think I should handle this? I am considering making a "providers" DB table that is linked to "users" DB table by user ID. An user can have multiple providers basically (one to many relationship)
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
Gotcha ty, that makes sense to me
31 replies
TTCTheo's Typesafe Cult
•Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
could you explain more what you mean by email? Like as in linking multiple providers to an account by email (which is what i mentioned above)?
31 replies
TTCTheo's Typesafe Cult
•Created by Sandip on 1/3/2025 in #questions
Is it necessary to have backend to upload pdfs, in uploadthing ???
Unless I misunderstood your question there...
if you want to directly interact with uploadthing in your backend, you can look at the openapi spec, and use a .NET openapi gen to generate client code
10 replies
TTCTheo's Typesafe Cult
•Created by Sandip on 1/3/2025 in #questions
Is it necessary to have backend to upload pdfs, in uploadthing ???
Once you catch the url given by uploadthing in the frontend, pass it to an endpoint in your .NET backend so you can save it to the database
10 replies