As I’m building prototypes or products for clients, I’m constantly concerned that the standard tools I’m using for auth (Devise for Rails, Passport for Node, etc) are just not enough over the long haul to keep user data secure.
Storing user data and handling most of the auth service seems risky as hell to me, but I don’t see quite as many strong opinions from the dev crowd about identity management as I do people sniping about where to put spec files in their codebase.
I guess I’m openly curious: Are folks using services like Firebase, Auth0, Okta to manage their user persistence, authentication, and authorization? Or are folks just rolling their own or subscribing to open source projects and crossing fingers?
Personally, the Auth0 docs are not hitting the mark regarding the delivery vs complexity. It’s near to impossible for me to quickly get a React Native -> Auth0 -> API Server routine going. Okta seems easier, but I haven’t dug in. Firebase seems easiest, but then I don’t trust it because of the simplicity.
Fishing for opinions and experience on this one, I guess.
For all of my stuff, I roll my own authn and authz. It’s really not terribly hard to get right, it invariably deals better with the growth of weird business cases, and most importantly it means that I can make guarantees about user privacy and security that relying on a 3rd-party service would preclude.
We are responsible for our own uptime–ultimately, we’re responsible for the privacy and security of our users.
I guess I don’t feel as confident about auth being “not terribly hard.” There are a lot of hacks being done against folks that I assume consider themselves smart enough to roll their own.
That’s a totally fair point!