How would I implement an authentication workflow?

[roderik]

I usually do a "onEnter" on React Router to check and redirect to a login page.

Running the check in getInitialProps? But that does not feel right...

[sedubois]

React-Router v4 solves this by using the React component lifecycle directly (componentWillMount etc). I raised the same question here: #91 (comment)

[sedubois]

Actually I correct that, it's solved like this: https://react-router.now.sh/auth-workflow

[nkzawa]

#25 would resolve this issue too, since you can have any auth logics on your server.

[rauchg]

Also, to be perfectly clear, for most use cases you don't need #25. That'd be only necessary if you don't even want to ship the component code (not data) according to authentication rules.

We perform authentication on zeit.co by re-using an authenticate method in getInitialProps across all the pages that require authentication.

[rauchg]

Logged as #153

[nkzawa]

@rauchg A problem is you can't properly redirect unauthorized requests.

[jaredpalmer]

@rauchg You store your sessions on api.zeit.co rather that on zeit.co correct?

[luisrudge]

@rauchg what you do when the user is not authenticated?

[bhurlow]

@rauchg can you elaborate on how you manage authentication in getInitialProps?

This makes sense to me for client side auth – could store token in browser. What about for when pages are rendered server side? E.g. with a <Link/> tag

[luisrudge]

@bhurlow you'll probably need a cookie.

[bhurlow]

@luisrudge I ended up having the backend API manage the cookie placement

[timneutkens]

Closing in favor of #153