2 questions for the security of my projects.

[arminvburren]

Ok so Fief in combination with a simple DB model seems to fit most of my project which is a web app on heroku where I want a basic user system and some "savings" of what my app does. Strangely enough this in particular is the only place where i've found a basic cookie-based auth system working with basic templates (everything else is a either a full stack module to complicated to me who is not a web dev person, and FastAPI tutorial doesn't show any use of cookies).

I'd be very happy to use it but I still have two questions so that i don't end up having troubles on the long term:

• Can i start with the "cloud database" and later switch to self hosted / heroku db, and do this migration not losing any user ?

• Since fief is still a young project, what happens if the project is sort of stalled / canceled / discontinued ? is there a way I could download the code of the module, and put it in my project so that I don't ave to rely on an existing (or not anymore) Pypi package ?

[frankie567]

Hello @arminvburren 👋

I perfectly understand your concerns, and I'll try to bring you objective answers.

Before answering your questions, I would like to point out that I'm also the creator of FastAPI Users, which is an open-source library to help you add authentication to a FastAPI project (— actually, Fief is built upon FastAPI Users —). In this context, everything is run and backed by your app with no dependency on an external service like Fief. It may be worth to check for your project.

😅 Small warning: I'm about to release a new version which will change a lot of things, so it may be worth to wait a day or two before going too far with it.

Now, regarding your questions about Fief:

1. We don't have yet an automatic process to download and import your cloud database into a self-hosted one, but that something that should be quite easy to do manually, and I'll be happy to help you with this when the time comes. Technically, there is no particular blocker.
2. I've great ambitions for Fief, so I hope to go as far as I can with this project. Nonetheless, I agree that it's a possibility.
   • Fief is entirely open-source and will remain on GitHub forever, so you'll always be able to download the source code and run a self-hosted version.
   • Besides, as stated in the first point, I'll be able to give you a dump of your cloud database, so you'll even be able to import the data and adapt it to another authentication system without losing anything.

I hope it answers your questions. Feel free to ask for more clarifications 🙂

[arminvburren]

Thx for the answer.

I checked quickly fastapi-users and it seems that I would have to recode the entire front-end for the flow (registering / logging / password validation / retrieving password) since I couldn't find a simple front end else where.

A quick pro / cons of the two options goes like this:

Fief (cloud db) + web app db

• "+" All password flow already coded.

• "+" Super fast integration in my app

• "+" Social auth soon on the road map

• "-" 2 separate db (one for the users and my ap db that I'll use)

Note: Since I use heroku I can't use 'external db' option from fief because Heroku DBs adresses are not permanent. Self hosting unlinkely to work on heroku either...

Fastapi-user + my web app db

• "+" All in a single db
• "+" custom flow
• "-" have to painfully implement all password flow (and learn some async js apparently skills since it's not just submitting forms to routes)
• "-" have to painfully implement separate social auth if wanted later.

I have some other priority than code an auth flow in my App, so right now i'll likely go with fief, especially since your answers are encourageing regarding the possibility to migrate the fief user db locally if I want to in the future.

What and when are the update you want to do ? I'm only gonna use the basic in the "getting started" fief example i guess.

[frankie567]

Hi!

I think you've perfectly summed up the pros and cons of FastAPI Users and Fief. Some small precisions though:

• Heroku Databases may have floating addresses, but from my experience and from what they state, it remains quite rare. So I think it's okay.
  • There are plenty of good database providers out there: AWS, GCP, Render (Fief is on this one), DigitalOcean, ElephantSQL...
• Hosting Fief on Heroku is possible without any particular issue (I did it). I can provide you the configuration if you want.
• Social auth is supported in FastAPI Users: https://fastapi-users.github.io/fastapi-users/10.0/configuration/oauth/

Regarding the update, I was actually talking about FastAPI Users: I released today the V10. But since you want to go with Fief, that's not relevant for you 😄

Anyway, thank you for your trust and support! Feel free to ask more questions 👍

[arminvburren]

Mm i think i'll be interested in hosting myself on heroku indeed, but I'll see that later !