Should I build my own user authentication system?

Hi there,

Should I build my own user authentication service, or should I use Auth0?
If you guys have any experience with Auth0, what plan do you use? Is Developer enough to build a SaaS application?

Thanks

on September 3, 2019
  1. 5

    From an MVP standpoint I think auth is something that has been "solved", so much so that there are many great free providers around besides Auth0.
    I would definitely not recommend rolling your own unless you have a very specific need, which is unlikely.
    Take a look at Firebase Auth or AWS Cognito, which have very generous free tiers.

  2. 4

    What are you looking to build, and have you built your own user authentication before? Both have their pros and cons. I'm currently using my own authentication with Bcrypt and some serious salting, but I know I'll probably look at moving to Auth0 to remove some potential user data liability from myself to another party.

    In terms of their plans, if you have enough users to need one of the paid tiers then you should hopefully be making enough money for it to not be a problem. That's my goal anyway!

  3. 2

    Hi Ali, sorry to chime in so late. But can I also ask you to consider Midtype? In addition to auth, we also provide you with a database that is fronted by a robust GraphQL API (so that it's easy to create access control rules on who should read/write what). But you can also just use us for auth and then integrate with your own backend somewhere else.

    Happy to explain more over phone or email ([email protected]).

  4. 2

    Use Firebase and move along to build your product.

  5. 2

    Simple authentication (e.g. username/password) isn't too hard to build, but it's also pretty easy to screw up. Using the wrong salting/hashing algorithm, inadvertently logging credentials, forgetting to disable HTTP: these are a few of the myriad of real issues you may face. Unfortunately, any database of passwords is going to be a target for hacking, even if the data in your application isn't sensitive. After all, it's probably a database of username/password combinations, right? And your users probably share those credentials among multiple sites? And this is just for username/password authentication. Once you look to add OAuth integration, long-lived sessions, or any other features that users come to expect, your complexity and risk footprint increase.

    For new projects of mine, I've started deferring to services like Auth0. As others have noted, their free tier is enough to get going and the number of users that you'll have before tripping their paid levels should be high enough to cover the cost (hopefully!).
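
Added example, not part of the comment above or of any project named in the thread: the two pitfalls it lists (wrong salting/hashing, logging credentials) handled with Node's built-in `crypto.scrypt`. The cost parameters, the `$`-separated storage format and the function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed scrypt cost parameters; raise them as hardware allows.
const COST = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

function hashPassword(password) {
  const salt = crypto.randomBytes(16); // fresh random salt per password
  const key = crypto.scryptSync(password, salt, KEY_LEN, COST);
  // Keep the parameters next to the hash so they can be upgraded later.
  return ['scrypt', COST.N, COST.r, COST.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [, N, r, p, saltB64, keyB64] = parts;
  const expected = Buffer.from(keyB64, 'base64');
  if (expected.length === 0) return false;
  const actual = crypto.scryptSync(password, Buffer.from(saltB64, 'base64'),
    expected.length, { N: Number(N), r: Number(r), p: Number(p) });
  // Constant-time comparison; both buffers have the same length here.
  return crypto.timingSafeEqual(actual, expected);
}

// Strip credential fields before a request body reaches any logger.
const SENSITIVE = new Set(['password', 'token', 'authorization']);
function redactForLog(body) {
  return Object.fromEntries(Object.entries(body).map(
    ([k, v]) => [k, SENSITIVE.has(k.toLowerCase()) ? '[REDACTED]' : v]));
}
```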

  6. 2

    Using Okta for now and it looks quite good and not so hard to implement/manage - https://developer.okta.com/

    It's probably better to start with an existing auth system, so you could focus on the core part of your app, and then build your own if you find it useful/necessary or interesting.

  7. 1

    Hmm,
    for our solutions in SaaSForge (https://www.saasforge.dev) we use RESTful token authentication from Flask (https://blog.miguelgrinberg.com/post/restful-authentication-with-flask). So there is no need to reinvent the wheel.

  8. 1

    Defined I will have multiple users with different roles. I was thinking, if I add Auth0 to my app, how will I handle users' data? I wanna have users' data in my DB as well. In future, if I add more fields to the User document, will it make me do more configuration on Auth0?

    1. 1

      I use Auth0 and their very generous free plan. Every user gets an ID in their system which you're supplied on a callback, so it's easy to use that ID to hook into your own user info storage.
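
Added example, not part of the reply above and not Auth0's own code: one way to hook the provider-supplied user ID into your own user storage, so that roles and extra fields stay in your database. It assumes the callback hands you already-verified OIDC claims containing `iss` and `sub`; the in-memory `users` map, the role names and all sample values are constructed.

```javascript
// Constructed in-memory stand-in for your own users collection.
const users = new Map();

// Key on issuer + subject: `sub` is only unique within one issuer, and an
// email can change or be reused, so it is stored as data, not as the key.
function externalKey(claims) {
  if (!claims || typeof claims.iss !== 'string' || !claims.iss ||
      typeof claims.sub !== 'string' || !claims.sub) {
    throw new Error('verified claims must contain iss and sub');
  }
  return JSON.stringify([claims.iss, claims.sub]);
}

// Call this from the login callback AFTER the token has been verified.
function upsertFromCallback(claims) {
  const key = externalKey(claims);
  let user = users.get(key);
  if (!user) {
    // Roles and app-specific fields live here, not at the provider.
    user = { id: users.size + 1, externalKey: key, role: 'student', quizzes: [] };
    users.set(key, user);
  }
  user.email = claims.email; // refreshed on every login
  return user;
}

// Role changes happen only in the local store, by an authorised local user.
function setRole(actor, target, role) {
  if (actor.role !== 'admin') throw new Error('forbidden');
  if (!['student', 'teacher', 'admin'].includes(role)) throw new Error('bad role');
  target.role = role;
  return target;
}
```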

  9. 1

    Thanks everyone for the very valuable advice. I truly appreciate it.

    The stack I am going to use is MERN. I know there is Passport.js and it is actually a middleware. I used to build Rails apps, and it has the Devise gem, which was pretty good.

    My goal is to build an Authentication service, a Product service and a React app which works with the above-mentioned APIs.

    If you guys ask me what kind of idea I am building, it is very simple. Currently a lot of tutors and teachers are switching to online. So they need an app that handles creating quizzes and sending them to students.

    Why I want to build my own Authentication service is that I want to have mobile apps in future. So building a microservice fits me great.

    Thanks again for the advice.

  10. 1

    I think it depends on what stack/framework you're building on, and how comfortable you are in the weeds. There are a lot of great authentication libraries for popular web frameworks like Rails, Django and Flask. If you're building on one of those, it's not like you'll be starting from scratch on authentication.

    I use Flask and chose to build my own auth, but was able to start with Flask-Login and some other libraries to handle password hashing and resets. It wasn't as much work as it sounds, and gives me full control for some more complex situations (multi-user accounts, etc).

    That said, I can understand not wanting to deal with authentication if you're not comfortable. If it's going to eat up time you feel you should be spending elsewhere, and you have a low enough volume to fit under a free tier at Auth0 or elsewhere, it's not a bad option.

  11. 1

    Use Auth0 (or something similar). If all you need is auth, then use something that does it well.

    Currently, I'm moving away from Auth0 to my own. However, I have some more specific needs that Auth0 isn't built for and I have already built a few auth systems on my own. There is a LOT to keep in mind when rolling your own. So unless you REALLY need to, don't.

  12. 1

    Besides Firebase, another alternative is AppCenter Auth.
    https://docs.microsoft.com/en-us/appcenter/auth/
