Making the authentication abstract

The following article is written by a member of our development team about something that is still in development. It was accurate at the time of writing, but by the time you read this it might already be obsolete.

One of the early decisions we made during our development journey was to use Auth0.com for our authentication needs. This decision saved us the effort of implementing our own authentication layer and all the associated workflows, such as password resets and management tools.

Since Todo2d prioritizes user privacy, we aim to store as little information about you in our database as possible. Therefore, all that we store and know about you is the ID provided by Auth0.

However, as our needs evolved, we realized that users would prefer to be identified by their own "display name" rather than the generic user_123456 (referred to as the AccountKey). To address this, we introduced the AccountDoc document storage, enabling users to set their own display name. Subsequently, we began using the primary key of the AccountDoc, the AccountId, to associate other documents with the user.

Despite these changes, many objects in our database still relied on the AccountKey for identification, which governed what users could access and change. However, anonymous users would only ever have an AccountId and never an AccountKey. Consequently, we needed to modify all the checks to accommodate this new requirement.

Fortunately, these modifications were relatively straightforward. Now, the only location where the AccountKey is used is within the AccountDoc.
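The shape of that refactor, as an added example that is not Todo2d's own code: ownership checks compare only the internal AccountId, while the identity-provider subject (the AccountKey) lives solely on the AccountDoc, so an anonymous account with no AccountKey goes through exactly the same check. The store, the document types and the `auth0|…` value are constructed for illustration.

```python
# Added example (not Todo2d's own code): access checks keyed on the internal
# AccountId, with the provider subject (AccountKey) confined to AccountDoc.
# Anonymous accounts simply have no AccountKey. Names and values are constructed.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AccountDoc:
    account_id: str                    # primary key; what other documents reference
    display_name: str
    account_key: Optional[str] = None  # Auth0 subject; None for anonymous accounts


@dataclass
class TodoDoc:
    doc_id: str
    owner_id: str                      # an AccountId, never an AccountKey
    title: str


class AccountStore:
    """In-memory stand-in for the AccountDoc storage."""

    def __init__(self) -> None:
        self._by_id: Dict[str, AccountDoc] = {}
        self._by_key: Dict[str, str] = {}   # AccountKey -> AccountId (one-to-one)
        self._next = 1

    def create(self, display_name: str, account_key: Optional[str] = None) -> AccountDoc:
        # A provider subject may be linked to at most one account.
        if account_key is not None and account_key in self._by_key:
            raise ValueError("AccountKey already linked to an account")
        acc = AccountDoc(f"acct-{self._next}", display_name, account_key)
        self._next += 1
        self._by_id[acc.account_id] = acc
        if account_key is not None:
            self._by_key[account_key] = acc.account_id
        return acc

    def account_id_for_key(self, account_key: str) -> Optional[str]:
        """Map an already-validated provider subject to the internal AccountId.
        This is the only place the AccountKey is consulted."""
        return self._by_key.get(account_key)

    def get(self, account_id: str) -> Optional[AccountDoc]:
        return self._by_id.get(account_id)


def can_modify(doc: TodoDoc, account_id: str) -> bool:
    """Authorization check: compares AccountIds only, so it is identical for
    provider-backed and anonymous accounts."""
    return doc.owner_id == account_id
```

Every document that needs an owner stores an AccountId, and the AccountKey is touched only when a provider login has to be resolved to an account; nothing outside `AccountStore` ever sees it.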

We also added the password hashing method. We opted for Argon2d, a hashing method specifically designed for passwords. We invested some extra time to ensure that it's easy to add or replace the hashing method in the future.

The next steps involve implementing the authentication workflows: creating an account, logging in, and changing passwords. While there are more authentication workflows, for testing and verifying the new system, these are the ones we need to focus on.
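One way to get the "easy to add or replace the hashing method" property together with the three workflows listed above, as an added example that is not Todo2d's code: each stored hash names its algorithm, verification dispatches on that name, and a successful login opportunistically re-hashes under the current default. Argon2 is not in Python's standard library, so the two registered hashers here are scrypt and PBKDF2 from `hashlib`; an Argon2 hasher (for instance via the argon2-cffi package) would plug into the same registry. The `$algo$salt$digest` format, the class names and the in-memory store are assumptions for illustration.

```python
# Added example (not Todo2d's own code): pluggable password hashing plus the
# create-account, login and change-password workflows. Hash strings are
# self-describing so the default algorithm can be swapped without a migration.
import base64
import hashlib
import hmac
import os
from typing import Dict, Iterable


class ScryptHasher:
    name = "scrypt"

    def __init__(self, n: int = 2 ** 14, r: int = 8, p: int = 1) -> None:
        self.n, self.r, self.p = n, r, p

    def derive(self, password: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(password, salt=salt, n=self.n, r=self.r, p=self.p, dklen=32)


class Pbkdf2Hasher:
    name = "pbkdf2-sha256"

    def __init__(self, iterations: int = 600_000) -> None:
        self.iterations = iterations

    def derive(self, password: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, salt, self.iterations, dklen=32)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


class PasswordService:
    """Hashes with the configured default; verifies with whatever algorithm the
    stored string names. Any object with .name and .derive() can be registered."""

    def __init__(self, hashers: Iterable, default: str) -> None:
        self._hashers = {h.name: h for h in hashers}
        if default not in self._hashers:
            raise ValueError(f"unknown default hasher {default!r}")
        self._default = default

    def hash(self, password: str) -> str:
        hasher = self._hashers[self._default]
        salt = os.urandom(16)  # fresh random salt per hash
        digest = hasher.derive(password.encode("utf-8"), salt)
        return f"${hasher.name}${_b64(salt)}${_b64(digest)}"  # $algo$salt$digest

    def verify(self, password: str, stored: str) -> bool:
        try:
            _, name, salt_b64, digest_b64 = stored.split("$")
            salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        except ValueError:
            return False  # malformed record
        hasher = self._hashers.get(name)
        if hasher is None:
            return False  # algorithm retired and no longer registered
        actual = hasher.derive(password.encode("utf-8"), salt)
        return hmac.compare_digest(actual, expected)  # constant-time compare

    def needs_rehash(self, stored: str) -> bool:
        return stored.split("$")[1] != self._default


class AccountStore:
    """Stand-in for the password field on AccountDoc, keyed by AccountId."""

    def __init__(self, service: PasswordService, hashes: Dict[str, str] = None) -> None:
        self.service = service
        self.hashes = {} if hashes is None else hashes

    def create_account(self, account_id: str, password: str) -> None:
        if account_id in self.hashes:
            raise ValueError("account already exists")
        self.hashes[account_id] = self.service.hash(password)

    def login(self, account_id: str, password: str) -> bool:
        stored = self.hashes.get(account_id)
        if stored is None or not self.service.verify(password, stored):
            return False
        if self.service.needs_rehash(stored):  # upgrade on successful login
            self.hashes[account_id] = self.service.hash(password)
        return True

    def change_password(self, account_id: str, current: str, new: str) -> bool:
        if not self.login(account_id, current):  # re-authenticate first
            return False
        self.hashes[account_id] = self.service.hash(new)
        return True

    def algorithm_for(self, account_id: str) -> str:
        return self.hashes[account_id].split("$")[1]
```

Replacing the algorithm is then one line: register the new hasher and change `default`. Old records keep verifying under their named algorithm and migrate on the user's next successful login, and a record naming an algorithm that has been removed from the registry fails closed rather than being treated as valid.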