Guides

These guides help you get started on the trickier portions of the project and are not meant to be exhaustive. However, do let us know what other guidance you'd benefit from and we can add it in.

Since this is the very first lab, more guidance will be provided. As we move on to the more complex labs, there will be less guidance on the fundamentals and more emphasis on the relevant covered topics.

Let's start building the authentication module!

Relevant concepts

This curriculum uses Starter Kit (v3) for the base codebase. Familiarity with its structure and components, especially with tRPC v11, will help you follow along more easily.

It is also assumed that you have a basic understanding of:

  • JavaScript and TypeScript (with some familiarity with the Next.js App Router)
  • General database concepts and SQL

Major libraries used in this curriculum that you might want to familiarize yourself with include:

  • Prisma: An ORM for database access
  • tRPC: A framework for building end-to-end typesafe APIs
  • iron-session: A library for handling stateless session management

You can find the full Starter Kit documentation here.

  1. Design the database schema first:

    • Ensure that the schema can accommodate multiple authentication methods for the same user.
    • Consider how to store OTPs securely (e.g., hashing).
  2. Implement email OTP authentication first:

    • Focus on generating, sending, and verifying OTPs.
    • Ensure secure authentication state management.
  3. Implement OIDC authentication next:

    • Set up the OIDC flow with Okta.
    • Ensure secure authentication state management.
  4. Test thoroughly:

    • Test both authentication methods for security vulnerabilities and edge cases.
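
One way to approach the OTP parts of steps 1 and 2, as an added example that is not part of the Starter Kit or the lab solution. It assumes an in-memory `Map` standing in for the Prisma table, a hypothetical `OtpRecord` shape, and assumed policy values (10-minute expiry, 5 attempts, HMAC-SHA256 keyed with a server-side secret).

```typescript
import { createHmac, randomInt, timingSafeEqual } from "node:crypto";

// Assumed policy values; the guide does not prescribe them.
const OTP_TTL_MS = 10 * 60 * 1000;
const MAX_ATTEMPTS = 5;

// Hypothetical row shape; in the lab this would be a Prisma model.
interface OtpRecord {
  otpHash: string;   // hex HMAC of the code, never the code itself
  expiresAt: number; // epoch milliseconds
  attempts: number;  // verification attempts made against this code
}

// A 6-digit code has only 10^6 values, so a bare hash could be reversed by
// enumeration if the table leaks. Keying the hash with a server secret
// (kept outside the database) means the table alone is not enough.
function hashOtp(secret: Buffer, email: string, code: string): string {
  return createHmac("sha256", secret).update(`${email}:${code}`).digest("hex");
}

function issueOtp(store: Map<string, OtpRecord>, secret: Buffer, email: string, now: number): string {
  const key = email.trim().toLowerCase();
  const code = randomInt(0, 1000000).toString().padStart(6, "0"); // CSPRNG
  // Overwrites any earlier record, so only the newest code is valid.
  store.set(key, { otpHash: hashOtp(secret, key, code), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return code; // goes into the email only; do not log or persist it
}

function verifyOtp(store: Map<string, OtpRecord>, secret: Buffer, email: string, code: string, now: number): boolean {
  const key = email.trim().toLowerCase();
  const rec = store.get(key);
  if (!rec) return false;
  if (now > rec.expiresAt || rec.attempts >= MAX_ATTEMPTS) {
    store.delete(key); // expired or guessed too often: force a new code
    return false;
  }
  rec.attempts += 1; // count before comparing so every guess is charged
  const expected = Buffer.from(rec.otpHash, "hex");
  const actual = Buffer.from(hashOtp(secret, key, code), "hex");
  const ok = timingSafeEqual(expected, actual); // both are 32 bytes
  if (ok) store.delete(key); // single use
  return ok;
}
```

With a real database, the attempt increment and the delete on success should happen in one transaction so that concurrent requests cannot get extra guesses.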