When I wanted my website’s Superspark Accounts to allow users to use their email address to sign in, and my previous method was a discontinued 3rd-party service, Passwordless looked like a fine replacement. The only problem was that it’s a Node.js package, and my site’s backend up until this point had been pure PHP. I got around this by making a RESTful wrapper around Passwordless that my PHP code could communicate with over local HTTP. I got some interesting takeaways from this project I wanted to share.
Express makes an excellent foundation for a Node.js-based server. I grumbled about having to learn it just to use Passwordless, but it holds to its promises of “unopinionated” and “minimalist” very well, and was pleasant to work with. I can see how some things I’ve done in PHP could’ve been made more easily with Express, and I’ll probably do so in the future.
Passwordless was similarly unopinionated and nice to work with – avoiding sessions as is preferable for a REST service was as simple as not using a recommended middleware it offered.
I was reminded of the importance of
encodeURIComponent-ing arbitrary strings before sticking them in a URL. If you’re going to tell Passwordless that the e-mail address is the uid, this includes uidToSend in your delivery method.
--inspect argument for Node was one of the best things I got out of working on this project. So great to have the full range of tools Chrome makes available for debugging scripts in Web pages to use on Node scripts.
Shout-outs to NearlyFreeSpeech.NET, which might be the only shared hosting provider in the world to allow using PHP and Node.js together, and Mailgun, which follows the same pay-only-for-what-you-use model I’d grown to love from using NFSN.