@theological Thanks so much for the comment! Really glad you like it and appreciate the support :)

@theankurtyagi The main difference is you don't have to implement or maintain anything by yourself! Wasp Auth also uses passportjs and best practices under the hood, but it is an integrated solution and allows you to move super quickly. There are still more features we want to add (e.g. more providers, more customizability), but that is the core idea. Keep it as simple as possible and free of any charge.

@zvonimir_sabljic1 Yeah, here's the docs: https://wasp-lang.dev/docs/auth/... And the secret sauce is in Wasp's use of a main config file which has your entire app in context and is able to compile the code together cohesively.

@kingromstar with Wasp, all you need to do is define your DB models and the type of Auth you want in your main config file, and Wasp glues it all together for you, and generates the UI components. Wasp does the work of configuring the NodeJS server for you so that the logged in user is passed in context. You actually don't have to touch any of this code -- it's all continuously compiled for you by Wasp. You just define the features in the config file, write your server functions and React pages, and it does the rest.

@hot_town so how do we manage sessions if we need to or how do we extend the functionality of this API? Or is this considered a separate service and we run our actual business logic API elsewhere?

@hot_town @kingromstar Some parts are customizable to some degree, some parts are opt-out, and everything at the end is opt-out, but you can also extend a lot of stuff, for example you can add Express middleware and similar. For example, you can customize our forms on the client to some degree via their properties, or you can drop them and use a bit lower-level API (so your components, but we give you functions to call for stuff like login(), signing(), ...). It is not a separate service, it is instead part of the framework -> so functionality that gets activated for you both on frontend and backend, and has its own API that you can use to degree you want to. When you say "how do we manage sessions", what specifically do you have in mind?

@kingromstar for me to better understand -> what is a blocker for you? You are worried about not having enough flexibility? I also used to roll my own auth with Passport.js and Node before, but I prefer getting all this out of the box instead, so I am curious to understand what exactly makes you not like this?

@oginokairan Really appreciate it 🙏

@waka 🙏

@whatever_123 appreciated! 🙏

@dan_tegzes problem-solving is great! 🙏

@sentry_co Good question! IMO the answer is not black and white and depends on what you need. But, if you use your database to store your users' data (not username/pass, but everything else they do in your platform), which is often even more sensitive than auth data, why wouldn't you also trust your database with the auth data?

@sentry_co Wasp automatically encrypts your user's auth data (e.g. password). For the rest of the data it often isn't encrypted by default, that depends on the use case.

@narendra_solanki that's exactly the goal. Thanks! 🙏