@gr2m
Last active May 7, 2022 08:22
Imagine the typical backend tasks for user authentication would exist right in the browser. What would the code look like? This is what I came up with. Forks & comments much appreciated! #nobackend #dreamcode
// sign up
account.signUp('joe@example.com', 'secret');
// sign in
account.signIn('joe@example.com', 'secret');
// sign in via oauth
account.signInWith('twitter');
// sign out
account.signOut();
// change password
account.changePassword('currentpassword', 'newpassword');
// change username
account.changeUsername('currentpassword', 'newusername');
// reset password
account.resetPassword('joe@example.com');
// destroy account and all its data
account.destroy('currentpassword');
// all methods could alternatively accept a parameter hash
// that would also allow for additional user info
account.signUp({
  username: 'joe2000',
  password: 'secret',
  birthday: '1984-05-09',
  email: 'joe@example.com'
});
// that would also allow for a general change method,
// that changeUsername or changePassword would simply
// be shortcuts for
account.change({
  birthday: '1984-05-09',
});
account.change({
  username: 'joe3000',
  password: 'secret'
});
@gr2m
Author

gr2m commented May 15, 2013

Restrictions for usernames, e.g. only valid emails, are app specific. So in your case, signUp("joe", "secret") should fail with an error message that "joe" is not a valid email address.

The actual API should not be affected by that.
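
An added example, not part of the gist or its comments: a minimal in-memory stand-in (Node.js) for the hypothetical `account` object, showing the app-specific username check described in the comment above and the current-password re-check that `changePassword` and `destroy` take as their first argument. `createAccount`, `isValidUsername` and `currentUser` are assumed names, and scrypt with a per-user salt is this example's choice, not something the gist specifies.

```javascript
// Added example: in-memory stand-in for the gist's hypothetical `account` object.
const crypto = require('crypto');

// `isValidUsername` is the app-specific rule (assumed option name, not from the gist).
function createAccount({ isValidUsername = () => true } = {}) {
  const users = new Map(); // username -> { salt, hash }; stands in for the backend
  let current = null;      // username of the signed-in user, or null

  const derive = (password, salt) => crypto.scryptSync(password, salt, 32);
  const store = (username, password) => {
    const salt = crypto.randomBytes(16);
    users.set(username, { salt, hash: derive(password, salt) });
  };
  const verify = (username, password) => {
    const rec = users.get(username);
    // Unknown users still pay for one derivation, so timing does not reveal them.
    const hash = derive(password, rec ? rec.salt : crypto.randomBytes(16));
    return rec !== undefined && crypto.timingSafeEqual(hash, rec.hash);
  };
  // Sensitive operations re-check the current password before acting.
  const reauth = (password) => {
    if (current === null || !verify(current, password)) throw new Error('invalid credentials');
  };

  return {
    signUp(username, password) {
      if (!isValidUsername(username)) throw new Error(`"${username}" is not a valid username`);
      if (users.has(username)) throw new Error('username taken');
      store(username, password);
      current = username;
    },
    signIn(username, password) {
      // Same error for an unknown user and a wrong password.
      if (!verify(username, password)) throw new Error('invalid credentials');
      current = username;
    },
    signOut() { current = null; },
    changePassword(currentPassword, newPassword) {
      reauth(currentPassword);
      store(current, newPassword);
    },
    destroy(currentPassword) {
      reauth(currentPassword);
      users.delete(current);
      current = null;
    },
    currentUser: () => current,
  };
}
```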

@kybernetikos

This stuff still seems to be thinking about the backend too much. In a nobackend system that I'm playing with in my spare time, I just delegate all of that to Mozilla Persona. As a developer I don't want to care about signup. The developer code gets given the Persona-validated email address of the person signing in, and the hash of it (in case they want to send it to other users for displaying gravatars).

So the code I want to write is something like .login() / .logout() and .onLogin=.onLogout= . I really don't care about 'signup'.

@yazz

yazz commented Oct 16, 2013

Actually Clojure on Coils already lets front end only developers write full backend code securely without having to code the backend:

https://github.com/zubairq/coils

See here for an actual source file to see the login functionality calling SQL statements:

https://github.com/zubairq/coils/blob/master/src/webapp/client/views/loginpanel.cljs

@Stwissel

With all the security breaches around I'd rather not maintain another set of username/passwords. How would it work when I want to use Facebook/Twitter/OAuth/SAML for signup/login?

@gr2m
Author

gr2m commented Jun 12, 2014

@Stwissel

var provider = 'twitter'; // can be whatever the backend supports, like 'google', 'facebook', etc.
account.signInWith(provider);

It's already in the code above.

@g8d3

g8d3 commented Jul 5, 2014

what about:

account.attr = 'something'

Instead of change method? Breaks the order? I.e because account is a namespace for account functions?

@evinw

evinw commented Aug 13, 2014

Great ideas!

@jonohayon

Hi!
I've created the signUp(email, password) function using Firebase.
You can see it in action here (and edit the code obviously): http://codepen.io/rezozo/pen/jEbQEL

-- Jonathan

@khanhtran

How to add captcha support?

@iamtchelo

WOW! This is amazing!

@daslicht

var u = new User(); // the User Class (ValueObject) can be reused for anything else
u.username = "joe2000";
u.password = "secret";
u.birthday = "1984-05-09";
u.email = "joe@example.com";
Users.signUp(u);


And this all with full IntelliSense:
you just have to type u.
then hit ctrl+space
and the IDE shows you all possible values and you just have to choose them!
That way you can create your Objects and leave them alone.
You no longer have to remember any variable.

Instead of a JSON object where you have to remember or look up possible object variables:

account.signUp({
  username: 'joe2000',
  password: 'secret',
  birthday: '1984-05-09',
  email: 'joe@example.com'
});

@sesam

sesam commented Nov 27, 2017

Something like u = User().email('a@b.c').password('').sudo() could give me a window.user and if pass is wrong, just send an email that allows to sign in once, or change password + autosignin in the other window. Omitting .password() would make the signin code attempt to use whatever browser or other APIs available and fallback to the email-as-login approach. If browser has multiple possibilities like Persona, Oauths, SQRL, then a stored cookie is used to record stats on how successful the approaches have been, to avoid begging for Facebook Oauth from someone who never used it before, but show it immediately to one who exclusively prefers it.
