Question regarding the use of crypto.js as the userId

[BiscuiTech]

Hi! Let me preface this by saying that I really love this package. The solution is quite elegant and fluid. It's honestly a breeze to implement it in a sveltekit app.

I had a question regarding the internal mechanics of the auth.

I'll jump right ahead: why did you make the Auth class generate the userId itself instead of letting database adapters manage it? Wouldn't the adapter be the best place to handle these sorts of implementation? Right now, a prisma schema such as this:

//...
model User {
 	id         String  @id @default(cuid()) @map("_id")
	//...
	@@map("user")
}
// ...

wouldn't work since the cuid isn't conform with the crypto.js-based userId provided in the setUser functions of the adapters. As I understand it, the reason here is that you need the userId to create the refreshToken before creating the user, but wouldn't it better if we had some sort of transaction implemention of all-or-nothing with multiple creates and updates? Or better yet, simply create the user and then create the refreshToken, letting you drop this crypto.js dependancy and let the adapter manage the ID generation.

[pilcrowonpaper]

To be honest, the reason Lucia generates its own user id was because UUIDs are too long (of course that's different now). I'm not really sure on this one. I guess I can make custom id generation optional, so Lucia will pass on an empty user id to the adapter? We'd still have the crypto dependency since it's used for hashing passwords btw.

For now, if you need something that conforms with UUID/CUID, you can use config.generateUserId which allows you to generate your own user ids.

[pilcrowonpaper]

Like I said, I can make the custom user id generation optional and let the dev pick whether they want to create their own or let the database do it.

[pilcrowonpaper]

I'll try to implement this with the next update, but it might be the one after it

[BiscuiTech]

No worries! If you require any help on a PR, let me know.

[pilcrowonpaper]

got this working

custom user id generation is disabled by default, but you can still provide a function that generates a new user id

[BiscuiTech]

I peaked at the implementation and it's really coming along! Thanks for your hard work.