0014-authentication.md

14. Authentication

Date: 2024-09-04

Status

Approved

Context

Forms Platform requires a method of authenticating users. We are inclined to default to Login.gov, a government-wide federated service hosted by TTS, unless circumstances prevent its usage.

When using Login.gov, we need to choose which library to use and settle the other integration details.

Decision

Initially, we will use the Lucia Auth library. Lucia is recommended in the Astro documentation, and its companion library Arctic supports the PKCE method of OpenID Connect authentication supported by Login.gov.
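The PKCE mechanics referred to above, as an added example (not Forms Platform code and not Arctic's implementation): it follows RFC 7636 with the S256 method using Node's built-in crypto. The function names, the `openid` scope, and the endpoint, client ID and redirect URI passed in by the caller are assumptions for illustration.

```javascript
const crypto = require('node:crypto');

// code_verifier: 32 random bytes -> 43 base64url characters (RFC 7636 allows 43-128).
function generateCodeVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
function codeChallengeS256(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Constant-time comparison of two strings.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Relying party: start a login. `pending` stays server-side (for example in the
// session); only the state and the hashed challenge are placed in the redirect URL.
function beginLogin({ authorizationEndpoint, clientId, redirectUri }) {
  const pending = { state: crypto.randomBytes(16).toString('base64url'),
                    codeVerifier: generateCodeVerifier(), clientId, redirectUri };
  const url = new URL(authorizationEndpoint);
  const params = { response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
                   scope: 'openid', state: pending.state,
                   code_challenge: codeChallengeS256(pending.codeVerifier),
                   code_challenge_method: 'S256' };
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  return { url, pending };
}

// Relying party: handle the callback. A missing or mismatched state is rejected
// before the code is used; the token request body then carries the raw verifier.
function handleCallback(query, pending) {
  if (!pending || !query.code || !safeEqual(query.state ?? '', pending.state)) {
    throw new Error('state mismatch: callback does not belong to this login attempt');
  }
  return new URLSearchParams({ grant_type: 'authorization_code', code: query.code,
    client_id: pending.clientId, redirect_uri: pending.redirectUri,
    code_verifier: pending.codeVerifier });
}

// Provider side: the check made at the token endpoint against the stored challenge.
function providerAcceptsVerifier(storedChallenge, presentedVerifier) {
  return safeEqual(codeChallengeS256(presentedVerifier), storedChallenge);
}
```

Because the authorization code is only redeemable together with the verifier held in the session, a code intercepted from the redirect is not enough on its own to obtain tokens.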

Consequences

Lucia and Arctic will provide us with a solid, workable solution and a structure we could incrementally replace if the need arises.

Lucia manages sessions, but in the future we may find it preferable to manage them ourselves.

Additionally, Arctic does not support JWT-based auth. We may want to consider node-openid-client, or an alternative, for a simpler approach. This would require our own session management.

This decision should be reevaluated once Forms Platform integrates with an identity provider other than Login.gov.