Lucia was definitely the easiest way to set up authentication… until you realize there are breaking changes every 6 months

How it’s going to work out: our boy Ben Davis is going to make a small npm packaged called Lucia-drizzle-session and we gucci

Loved using the library but yeah now without the library it's good to see it's still the perfect guide for simple auth

Yeah I don't mind this. Working with different auth solutions, it felt like Lucia was a little stuck in the middle. This is probably the best outcome; this is a sustainable identity for Lucia in the long run.

Interesting, I implemented auth from scratch recently with some ideas from Lucia and it was not hard at all. Of course, you need to spend some time on certain parts as you said but it's really not that hard and I think it's a great learning experience!

The industry is going in the shadcn approach, it's a good thing, no need to download packages, just put code into your code base and use it. I hope he also makes a CLI to easier bring everything into your codebase like shadcn

The writing was on the wall with the deprecation of drizzle and no redis/memcache adapter.

I never understood why the database integeration was done. It really never made much sense. User should just provided functions to e.g. load and store sessions.

If you think about it Lucia is mostly its docs and community. An actual auth implementation with Lucia only has a few calls to Lucia-related code itself which is only then a few lines of code. Absolutely everything else was database differences which really isn't the spirit of Lucia. The Internet was and is really missing good guidance on writing auth. Its so bad that modern LLM's trip over themselves and promote horrific practices and provide bad advice -- their training data is lacking. OWASP for all its efforts is so far from it: they pontificate about what to do or what not to do but you don't see any recipes or reference implementations which in practical terms limits their effectiveness and reach.

I also like the direction, even though I feel the abstraction was already just right! Love it still!

The only itch I have is that now I have to keep up with the latest security updates. Upgrading packages is not enough to make sure that my auth is running the right ecryption and stuff

These problems seem to apply to all libraries that need a database to work. I feel like more of these libraries should exist so that everything is like easy lego blocks, but this problem would get in the way. Instead what happens is libraries host the database and servers for you and then charge you as SaaS products. But I like libraries more as there’s more control and they are generally free.

there's new one, better-auth the guy is developing it like a maniac do check it out and contribute as he's alone.

Yeah I saw… this is a bit sad for since now I’ll have to write a bit more code but hey, it’s no big problem.

Didn't know jack harlow was chill like that 😂

mane same, feeling. it took me a few days to take it in but ig its a good thing

knowing what you're using is kinda neat ngl ;-)

I agree, at least this will help developers understand authentication better.

Thanks for the update! I was considering this then found this video. 😅 What do you think of Workos or Eartho?

Better-auth could be a good alternative, it has a higher level of abstraction than lucia and offer more features. But it's still in beta tho.

I’m so glad I never hopped on this wave

Kinda wished he just introduced some callbacks for creating/deleting the sessions and let users handle the storage layer, but I get his point. After you remove the adapters, there isn't a lot of value between that and just managing the sessions yourself.

I think this is great. also what I think rails is starting in rails 8 based on dhh's keynote

Then isnt maintaining as an individual who implemented following the tutorial also cumbersome? I don't wanna sound unthankful that thede tools are already free and open source but, Isn't that sometimes the reason people choose libraries over manually writing?

It's good to learn it once, but then for every other project implementing it from scratch... nah..

Idk about you, but I am planning to use this new guide to roll auth with olso and arctic. What about you?

only I is using own auth built from scratch?

lol, js libraries getting deprecated, who would have thunk

Now we have Better-auth 😅 are there any js fullstack frameworks has its own auth support out of the box apart from adonis JS I think we need something like laravel.

javascript moment

Honestly, this is why I just use mature, stable ecosystems on the backend, i.e. Python/Django, Ruby/Rails, etc. JS is the only ecosystem where the libraries behind core app features (Auth, ORM, Module bundlers, etc) change every other year.

Can you tell which font do you use for your VSCode?

have you tried better-auth

enjoyed the video

shadcn of auth

The root issue is wanting supertool library that does everything auth related. Supporting everything is probably impossible. In contrary, primitives like Artic and Oslo are more compostable and not coupled to dbs and orms.

roll your own auth!

roll your own auth brudda

yo wtf why, lucia is amazing, next auth is so opinionated and a hassle to work with,

JavaScript ahhh video.

I’m raging right now

Supabase auth is supa easy to set up

Let's be honest, EVERYBODY knew that was happening. No one uses it lol People in the ecossystem use AuthJS (former NextAuth) or something written from scratch.

Ben we tried to warn you. Stop using these silly startup auth providers. Just learn AWS / GC for the love of all good things.