🚀 Feature: Custom / Credential Auth Support

[PrinceGupta1999]

🔖 Feature description

Add support for a custom auth adapter allows authentication using credentials (a token/payload that can be verified by Appwrite to be authentic, e.g., JWT). This will allow developers to integrate Appwrite with virtually any existing auth system and remove the dependency of having to wait on the Appwrite community to support a specific auth provider.

The idea comes from Firebase where they had implemented the feature of supporting custom authentication which can be boiled down to 3 steps:

1. Developers generate a JWT token on their server with a unique User ID as a payload after establishing the user's identity.
2. On the client, call the SDK with the token for logging in (creating a new session)
3. The server validates the token and the user is logged in

🎤 Pitch

Why

There are dozens (if not hundreds) of authentication / OAuth providers. Even the immensely active community of Appwrite can't implement every authentication provider.

1. Some of auth providers may be local to certain countries or enterprise spheres: such as Yandex in Russia or WeChat in China.
2. Some authentication providers might be just too niche of a use case to implement or might not be compatible with Appwrite's OAuth Provider requirements (OAuth 2.0 and Email from what I could find): such as Twitter not supporting OAuth 2.0 for login.

As a result, there are many open issues with requests for adding support for some Authentication providers. Some examples I could find: #5897 #7231 #6978 #1778. Providing support for a custom auth system will allow the developers to add support for such authentication systems as per their use case and reduce the burden on the community.

How to use

Here's how a simple version of how this could be implemented with JWT.

1. The developer obtains a JWT Signing Key from the Appwrite Dashboard.
2. The developer implements a custom authentication provider like Twitter / Telegram etc. on their website/backend.
3. The user authenticates and the developer obtains the Identity of the user on their server.
4. The developer uses the JWT Signing Key to create a JWT token with the payload containing the unique ID of the user. Sends the payload to the client.
5. On the client, the code calls the Appwrite SDK to create a session with the custom token.
6. The Appwrite SDK calls the Appwrite backend. The backend decodes/verifies the JWT token and extracts the UserID from the payload.
7. The payload is used to create a new user account and session. The necessary session roles, permissions and cookies are set up as done in the other create session flows and the User is authenticated in Appwrite.

[eldadfux]

Thanks for raising this very detailed issue! Custom auth tokens are coming in Appwrite 1.5!

[PrinceGupta1999]

Thanks for the information. Looking forward to the feature addition.

[stnguyen90]

This should be possible in 1.5 with the custom token login method.

[Prashant4900]

Hi @stnguyen90, when we expect custom token in stable version? I'm using flutter sdk and it's not available yet.

[stnguyen90]

@Prashant4900, the account.createSession() does look like it's in the SDK: https://pub.dev/documentation/appwrite/latest/appwrite/Account/createSession.html