Mini Apps

in the latest Mini App SDK quickAuth is moved out of experimental into its own module `sdk.quickAuth`  with two fns:
- getToken
- fetch (wrapper around the Fetch API that automatically adds a Quick Auth session token in a header)

session tokens are automatically stored in memory and returned when present and not expired so devs are no longer required to do this—just call `getToken` whenever you want to access it or even easier just `fetch`

docs got expanded quite a bit with three new examples:
- make authenticated requests (fetch)
- get a token directly (getToken)
- validating the token on the server

lastly there's now a reference hono backend implementation that shows validating a session token in middleware that is deployable on cloudflare (link in next cast)

https://miniapps.farcaster.xyz/docs/sdk/quick-auth

Kind of related, but not that much.

I have created a Farcaster Auth plugin for better-auth which I find to be more straightforward and framework agnostic than the nextauth v4 method used in the template for mini apps. I would appreciate it if you guys could take a look, mention possible issues with it and star it on GitHub so I could talk to the better-auth team and add it as an official plugin to their library when I get the feelings that it's more complete.

cc @deodad @samuellhuber.eth @v @dwr.eth

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

@farcaster dev / dad / books, cooks, ski, code ~ there are many things of which a wise man might wish to be ignorant

Farcaster Development Boutique @ https://dTech.vision 💜 in love with tech 🤓decentralization, fitness and oldschool rap 😎

Kind of related, but not that much.

I have created a Farcaster Auth plugin for better-auth which I find to be more straightforward and framework agnostic than the nextauth v4 method used in the template for mini apps. I would appreciate it if you guys could take a look, mention possible issues with it and star it on GitHub so I could talk to the better-auth team and add it as an official plugin to their library when I get the feelings that it's more complete.

cc @deodad @samuellhuber.eth @v @dwr.eth 

https://github.com/iamlotp/Farcaster-Auth-Plugin-Better-Auth-

P.s: I tried using auth.js (aka nextauth v5) but the library won't let you have database sessions for custom credentials and I didn't want to use jwt so I used better-auth.

cool, a few quick pieces of feedback:

- the nonce needs to be saved somewhere and "consumed" such that it can only be used exactly once, in a library I'd expect this to also be parameterized so that devs could bring their own persistence layer, something like `type NonceManager = { generate(): Promise<string>, consume(nonce: string): Promise<{ success: boolean }>`. The consume fn needs to return false unless it both recognizes the nonce and the nonces hasn't been consumed already, check out the quick-auth server for an example that achieves this using a cloudflare durable worker

Ayy, thanks for the feedbacks! I'll be working on them and be in contact with you later if you're okay!

- consider a more generalized parameter for `farcasterAuth` like `resolveUser<TUser>: (fid: number) => Promise<TUser>`, all the code about fetching users from hubs or storing in a database is too opinionated for a middleware library and could all be done by the application inside `resolveUser`

- add `domain` parameter to `farcaserAuth` rather than relying on an environment variable

cool, a few quick pieces of feedback:

- the nonce needs to be saved somewhere and "consumed" such that it can only be used exactly once, in a library I'd expect this to also be parameterized so that devs could bring their own persistence layer, something like `type NonceManager = { generate(): Promise<string>, consume(nonce: string): Promise<{ success: boolean }>`. The consume fn needs to return false unless it both recognizes the nonce and the nonces hasn't been consumed already, check out the quick-auth server for an example that achieves this using a cloudflare durable worker https://github.com/farcasterxyz/quick-auth/blob/main/hono-cloudflare-worker/src/nonce.ts