MiddlewareAuthenticationStrategy #964
Replies: 5 comments 13 replies
-
We might consider splitting up step 3 and leverage, that we have an existing middleware service. So instead of directly resolving the middleware auth strategy we do:
And then in the middleware service, we add a new method
|
Beta Was this translation helpful? Give feedback.
-
Everything you wrote in the OP makes a lot of sense to me. One thing to consider here is that this strategy pattern is something that can fill many gaps that currently set back more advanced feature requests while being easy to implement. I found another example of this while browsing the core regarding display number generation, I'll add another issue for it. I'll have a go at implementing the MiddlewareAuthenticationStrategy. One thing I'm wondering about is whether this will need changes to medusa-js as well, given that some auth schemes may need to redirect the user. |
Beta Was this translation helpful? Give feedback.
-
While I am working on the platform agnosticism, the authentication strategy should take the http adapter instance as an argument. That instance hold the underlying http framework and will provide de necessary bit and pieces to manage middleware, routes, etc... In the end, the user would be able to use the abstract strategy class, as I proposed in an early comment, and use the httpAdapter to add the specific platform authentication system, the user depends on. |
Beta Was this translation helpful? Give feedback.
-
I'm blocked at this issue, as there's no way to have custom authentication flow for customer, as we'll want to use another strategy for storefront for customer. At least, make the |
Beta Was this translation helpful? Give feedback.
-
can you provide the exact path of the files i'm still not able to extend customer authentication |
Beta Was this translation helpful? Give feedback.
-
We've recently added the concept of strategies to the codebase while building the Tax API. Strategies allow us to override specific tasks in the core project with custom logic. It works by defining a strategy interface, that functions as a contract for what methods (or tasks) are available for you to override within a specific domain.
Let's exemplify this by looking at a current take on a strategy for completing carts.
We've created the following interface that defines a method
complete
used for completing a cart:In the controller, we've removed all logic and are now simply resolving our CartCompletionStrategy from the dependency container and calling its
complete
method:Finally, we've encapsulated all of the logic from the controller into a DefaultCartCompletion strategy, that is used by default.
This pattern allows you to define your own strategy for completing a cart by creating a class implementing the
ICartCompletionStrategy
, that takes precedence over the default one at runtime when using the endpoint.Proposal: AuthenticationStrategy
Implement the strategy pattern for authentication and replace the current flow:
Potential approach:
Something along the lines of:
Before:
After:
This authentication strategy pattern will allow you to create complete custom authentication logic or use a third party provider like Auth0.
Beta Was this translation helpful? Give feedback.
All reactions