How does auth work when I am using a third-party auth provider?
There are 3 main components of the system (at the beginning):
- My Server
- My Client
- The 3rd Party Auth Server (Clerk)
Client-side:
- My clients ask Clerk for a token and get one.
- The client must send that token on all future requests to My Server if it wants to be authed.
Server-side:
- My express server receives a request.
- The request goes through clerkMiddleware(); this adds the Auth object to req.auth, and allows me to use clerk functions like getAuth and clerkClient.
- Once the request has gone through clerkMiddleware, it goes through MY middleware, userIdentificationMiddleware.
  If the request is signed in, the user is already authenticated and I know who they are in Clerk's database, but I also want to know who they are in MY database. Or, if they don't exist, I'd like to create them in my database.
  So I will:
  3a1. make sure the user exists: `if (!req.auth.userId) return next()` (the `return` stops a signed-out request from falling through to the database steps)
  3a. check my database for a record with clerkId == req.auth.userId: `prisma.user.findUnique({ where: { clerkId: req.auth.userId } })` (findUnique takes `where`, and clerkId must be a unique field in the Prisma schema)
  3b. if that record does not exist, create a user: `prisma.user.create`
  3c. in either case, add the user found (or created) in the database to `req.user`
  3d. `next()` (i.e. call the next middleware)
- On my routes, I will use the requireAuth() middleware to protect routes that should only be accessed by users.
  Inside the route, I can get user data and auth data using the getAuth() function:
  const { userId } = getAuth(req)
  I can also use the Clerk client:
  await clerkClient.users.getUser(userId)
  // or whatever
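The userIdentificationMiddleware steps 3a1 to 3d above, written out as an added example (not code from the original notes). It goes one case beyond those steps: two concurrent first requests from the same new user, handled by catching Prisma's unique-constraint error code P2002 and re-reading the row. `makeUserIdentificationMiddleware` and `makeFakeDb` are hypothetical names, and the example assumes `clerkId` is unique and that `req.auth.userId` is populated as described above.

```javascript
// Added example. `db` is any Prisma-like client; makeFakeDb() below is a constructed stand-in.
function makeUserIdentificationMiddleware(db) {
  return async function userIdentificationMiddleware(req, res, next) {
    // Identity comes only from the token clerkMiddleware() verified, never from the body.
    const clerkId = req.auth && req.auth.userId;
    // `return` matters: without it a signed-out request falls through to the DB calls.
    if (!clerkId) return next();
    try {
      let user = await db.user.findUnique({ where: { clerkId } });
      if (!user) {
        try {
          user = await db.user.create({ data: { clerkId } });
        } catch (err) {
          // P2002: a concurrent first request created the row after our find. Re-read it.
          if (err.code !== 'P2002') throw err;
          user = await db.user.findUnique({ where: { clerkId } });
        }
      }
      req.user = user;
      return next();
    } catch (err) {
      return next(err); // hand database failures to the Express error handler
    }
  };
}
// Constructed in-memory stand-in with a unique constraint on clerkId, so this runs offline.
function makeFakeDb() {
  const rows = [];
  const tick = () => new Promise((resolve) => setTimeout(resolve, 0));
  return {
    rows,
    user: {
      async findUnique({ where }) {
        await tick();
        return rows.find((r) => r.clerkId === where.clerkId) || null;
      },
      async create({ data }) {
        await tick();
        if (rows.some((r) => r.clerkId === data.clerkId)) {
          throw Object.assign(new Error('Unique constraint failed'), { code: 'P2002' });
        }
        const row = { id: rows.length + 1, clerkId: data.clerkId };
        rows.push(row);
        return row;
      },
    },
  };
}
```

With a real Prisma client, pass `prisma` instead of the stand-in and register the result after `clerkMiddleware()`.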
Clerk Setup