We are in the process of developing a SaaS application with an offline-first approach. Our technology stack comprises NestJS (Node.js), GraphQL, and Vue.js (Single Page Application). We're currently grappling with an authentication conundrum that has been a roadblock in our progress.
We initially tried implementing Keycloak, but it seemed that we spent more time configuring new providers than actually making progress on our application. We've considered Firebase, but due to our startup constraints and budget limitations, we find it unsuitable at this time.
Our application is designed to support multiple authentication providers including Google, Facebook, and OTP email verification. This functionality has been implemented using Passport and NestJS modules. As it stands, we're utilizing JWT for both authentication and refresh tokens, which required us to manually implement the mechanics for token refresh on our UI after rewriting the axios-auth-refresh library.
In the light of our experiences and the current technology landscape, we're seeking advice on the best approach to implement authentication in our scenario. Is the OIDC approach the recommended standard today, or would continuing with a JWT-based token system suffice?
We welcome any guidance or suggestions regarding current best practices for authentication in a similar tech stack.
Thank you in advance for your assistance.
