Next.js Discord

Discord Forum

Best auth for next.js with custom authorization/authentication?

Answered
American Chinchilla posted this in #help-forum
American Chinchilla (OP)
Hello, as the title says, I would like to use a lib that allows me to implement my own auth logic, as some libraries like next-auth treat everything like a black box and I would like to get deep and understand everything from password encryption to access tokens etc.

35 Replies

You should not be encrypting passwords 😦
American Chinchilla (OP)
I thought that was best practices
I was reading the OAuth docs and they mentioned there that passwords are always to be encrypted using this hash algo where the pass needs to be at least 8-64 chars long for security
Encryption is the wrong word to describe that: encryption is a two-way thing (if you have the encryption key you can decrypt the original password to plain text, which is bad)

Hashing in this context is a one-way operation. You can’t get the original password if it’s been properly hashed. Could just be a wording thing, but some people do encrypt passwords, which is bad practice, and I just want to make sure you know the difference if you implement this yourself!!
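The difference described above, as an added example that is not part of the original thread: Node.js code using the built-in crypto module to store a password as a salted scrypt hash, next to the reversible encryption the reply warns against. The function names, the stored-record format and the scrypt parameters are assumptions chosen for illustration.

```javascript
// Added example: one-way hashing vs. two-way encryption of a stored password.
const crypto = require('node:crypto');

// Assumed scrypt cost parameters for illustration; tune them for your hardware.
const SCRYPT = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

// One-way: derive a hash from the password and a fresh random salt.
// The record holds salt + hash; no key exists that turns it back into the password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Login check: re-derive the hash from the attempt and compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, saltHex, hashHex] = stored.split('$');
  if (scheme !== 'scrypt' || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // reject truncated or malformed records
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN, SCRYPT);
  return crypto.timingSafeEqual(actual, expected);
}

// Two-way (the bad practice): whoever holds `key` recovers every plaintext password.
function encryptPassword(password, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptPassword({ iv, ct, tag }, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

Hashing the same password twice gives two different records because each call draws a new salt, so verification has to go through `verifyPassword` rather than a string comparison of records.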
American Chinchilla (OP)
Oh okay… I guess some sites use that word interchangeably then
I do too
I didn't know there was a difference
Yeah definitely a difference but such a small one, important in this context though. I would just recommend being very careful if you implement any auth stuff on your side. There’s a thousand “gotchas” that can come up
@alfonsus try Lucia if you want to implement your own logic
American Chinchilla (OP)
Thanks for showing this
@alfonsus I'm still a bit hesitant because I was reading the docs and Lucia doesn't support magic links
I might try passport.js as I heard it supports it
magic links aren't that hard
just send a URL that calls back to your app, with a JWT-encoded token that is part of the search query
American Chinchilla (OP)
I'm really new to backend so if possible I would like libraries that also show how to implement
It probably is really simple but I'm really new and so it's a bit confusing for me
ahh i see
libraries aren't a suitable place to learn because they are made to accommodate broad use cases and have many layers of abstraction that you would otherwise not need in a project
if your aim is just to learn then I'd recommend reading articles on how to implement one without getting distracted by libraries
although NextAuth also offers magic links
but again, that's the problem, it's like a black box. you could still theoretically go to the source code and learn how it works
American Chinchilla (OP)
Yeah, I was going to try passport.js since it also allows custom logic
And supports magic links
But I have heard Lucia is good, but yeah maybe once I learn in-depth I can see its helpfulness and other auth like next-auth
Large garden bumble bee
I just started using better-auth today and I like it
Original message was deleted
American Chinchilla (OP)
I was reading next-auth docs but they said they don't recommend it
But i appreciate all thelp
The help*
American Chinchilla (OP)
I'm planning instead to use passport.js
Answer
Godspeed!