auth0-spa-js
mercurius
| | auth0-spa-js | mercurius |
|---|---|---|
| | 5 | 22 |
| Stars | 876 | 2,300 |
| Growth | 0.7% | 1.0% |
| Activity | 8.5 | 7.8 |
| | 3 days ago | 5 days ago |
| Language | TypeScript | JavaScript |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auth0-spa-js
-
Tell HN: Stytch Login SaaS Unicorn has common auth vulnerabilities
Your message feels disingenuous and not in good-faith.
Auth0 clearly advises against the localStorage option which is most similar to Stytch's:
> _Important:_ This feature will allow the caching of data _such as ID and access tokens_ to be stored in local storage. Exercising this option changes the security characteristics of your application and _should not be used lightly._ Extra care should be taken to mitigate against XSS attacks and minimize the risk of tokens being stolen from local storage.
This is from the readme of the github you linked:
https://github.com/auth0/auth0-spa-js/tree/0de9c6bf61d37fc21...
And since their other client-only solutions have major UX challenges (as you highlight), I expect most Auth0 users have landed on the secure option.
This is very different from Stytch - which as far as I can tell - doesn't disclose or acknowledge the risk, and instead willingly puts developers at increased risk. Throughout this thread, you've been dismissive of the risk despite security organizations clearly indicating that HttpOnly is best-practice.
You've found a legitimate comparison in Firebase, but for me, you've taken several steps too far trying to compare to Auth0.
-
Fastify DX and SolidJS in the Real World
Auth0 provides the auth0-spa-js package which offers two ways to authenticate users:
-
Persistent login in React using refresh token rotation
Therefore, I have transformed the library [@auth0/auth0-spa-js](https://github.com/auth0/auth0-spa-js), which is another official Auth0 client library, to have an authentication hook and methods that can be accessible outside the components.
-
React Testing Library with Auth0 and conditional rendering
```
auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.

  32 |   it("renders a login button", () => {
  33 |
> 34 |     const { getByText } = render(
     |                           ^
  35 |
  36 |
  37 |
```
mercurius
-
The Road to GraphQL At Enterprise Scale
GraphQL Gateway is primarily responsible for serving GraphQL queries to consumers. It takes a query from a client, breaks it into smaller sub-queries, and executes that plan by proxying calls to the appropriate downstream subgraphs. When we started our journey, there was only Apollo Federation in the arena, and we used it. Still, now you can look at other options (e.g. Mercurius, Conductor, Hot Chocolate, Wundergraph, Hasura Remote Schemas), compare benchmarks and decide what's important and preferable for your needs. The Gateway provides a unified API for consumers while giving backend engineers flexibility and service isolation.
-
Dynamic GraphQL queries with Mercurius
If you're using Fastify with Mercurius as your GraphQL adapter, you may be looking for some advanced usages. In this article, we'll explore a real world example with Dynamic GQL queries with Mercurius.
-
How to use DataLoader with Mercurius GraphQL
Loader: it is a built-in DataLoader-Like solution that is quick to set up and use.
-
Simple example with NestJS and Mercurius 😻
In this post I will show you how to implement NestJS😻 with GraphQL in code first mode, using Mercurius and the "platform" to Fastify.
-
Barrel Exports considered harmful
What this does is to overwrite or augment the types exposed by the pointed module, and can be used (for example) when relying on autogenerated code. One interesting case of this is GraphQL to TypeScript code generation, and how this is integrated with the amazing Mercurius library (made by some of my colleagues at NearForm! 😜).
-
Apollo Server v4 Breaking Changes. Time to move away?
When moving away from Apollo Server, and you're looking for a replacement built with JavaScript or TypeScript, let me give you some options. If you want to keep building your GraphQL API schema first, you might want to consider Mercurius (which relies on Fastify) or GraphQL Yoga. If you're going to build your GraphQL API code or resolver first, have a look at TypeGraphQL or Nexus. Alternatively, there are great GraphQL-as-a-Service solutions such as StepZen in case you no longer want to build, maintain and host your own GraphQL API.
-
Fastify DX and SolidJS in the Real World
Let's start with data. We live in amazing times and it's really easy and cheap (or free) to get started with storing and working with data online. Take for example a PlanetScale MySQL-compatible database, Fastify Node.js Server, Prisma database mapper and a GraphQL connector like Mercurius and you have an entire backend stack. For this example we assume you already have a backend or you want to connect to a 3rd party database like the GitHub GraphQL API.
-
Nest JS With Graphql World
In this chapter, we assume a basic understanding of GraphQL and focus on how to work with the built-in @nestjs/graphql module. The GraphQLModule can be configured to use Apollo server (with the @nestjs/apollo driver) and Mercurius (with the @nestjs/mercurius). We provide official integrations for these proven GraphQL packages to provide a simple way to use GraphQL with Nest. You can also build your own dedicated driver (read more on that here).
-
Shill me on Apollo client.
Why would I want to use Apollo Client? So far in my career I have used some server graphql scaffolding (webonyx/graphql-php for PHP and mercurius for Node) and just used the fetch API (or whatever ajax API around XMLHttpRequest) against that server with the body being an object with
-
Are there actually better alternatives than Apollo server?
Only for people who are clueless. Apollo server is probably the worst node.js server to use for your graphql schema. It's terribly slow. You should look into https://mercurius.dev
What are some alternatives?
nextjs-auth0 - Next.js SDK for signing in with Auth0
apollo-server - 🌍 Spec-compliant and production ready JavaScript GraphQL server that lets you develop in a schema-first way. Built for Express, Connect, Hapi, Koa, and more.
auth0-angular - Auth0 SDK for Angular Single Page Applications
graphql-helix - A highly evolved GraphQL HTTP Server 🧬
auth0-python - Auth0 SDK for Python
subscriptions-transport-ws - 🔄 A WebSocket client + server for GraphQL subscriptions
AppAuth-JS - JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
graphql-tools - 🔧 Utility library for GraphQL to build, stitch and mock GraphQL schemas in the SDL-first approach
auth0-react - Auth0 SDK for React Single Page Applications (SPA)
graphql-js - A reference implementation of GraphQL for JavaScript
feedback - Feedback, Ideas and Suggestions for our articles
graphql-mesh - The Graph of Everything - Federated architecture for any API service