Developers March 22, 2020

What authentication platform do you use?

Spdydve

I am researching multiple authentication platforms for an upcoming project, and was wondering what everyone is using for their projects and businesses?

  1. 7

    I have built my own twice in the past, and it's a lot of efforts not spent on the core business. I would advice against and try to find a service you like instead.
    I have been pleasantly surprised by Google Firebase Auth recently. So far I have only used it along other Firebase tools, but I think it's worth giving it a try even with your own backend.

    1. 1

      Absolutely this. You wouldn't write your own payment service, so why write your own authentication service? I'm actually going a step further and writing a whole SaaS starter kit that handles authentication, user admin, subscriptions & billing, etc. because I feel strongly that you should be spending as much time as possible on your core business, and writing yet another auth system (and having to handle all those edge cases yourself) is just a massive waste of your time and a slowdown of your business.

      1. 1

        We're trying to solve similar problem!

        Though my full Shtack kit is going to be on the minimalist side and open source.

        1. 1

          I saw your product actually just the other day! I have you on my list of competitors. =) You might not be doing exactly the same thing, but it's definitely an option people can consider when trying to solve the problem.

          I'm happy to be in the same space with a lot of smart competition! I think there's a lot of room for a lot of different solutions here, and it reinforces the fact that there is a definite need for this kind of thing.

          I'm wishing you the best of luck, and I hope we both can help a whole bunch of people!

  2. 2

    I use django-allauth. It's the go-to auth package for the Django framework.

  3. 2

    I asked a similar question recently and have decided to adopt Auth0 for a small SPA project. For a simple use case - login/signup/reset password - it works great. However, you can easily get lost in their UI because they build their business to accommodate all kind of use cases and technologies.

    Yesterday, I spent a looong day trying to figure out how to get user roles and conditionally render the UI based on roles. It seems overly complicated for something relatively simple.

    That said I'd still use it. In fact I'm finishing up a demo app showing how React + Node express + Auth0 can all work together. It's for my SaaS boilerplate project idea.

    PS: Why not Firebase? I've made a conscious decision to support smaller businesses.

    1. 1

      This boilerplate code looks great! About to check it out.

      1. 1

        Let me know if you have any questions. Adonis.js starter kit is next on my list.

  4. 2

    Django's built in authentication features.

  5. 1

    Thanks everyone for your feedback! I will continue working through all the suggestions.

  6. 1

    Hi @Spdydve I am building an IAM platform, and I am thinking if it could match your needs. But first of, what do mean by authentication? Let me give few things to consider:

    • Which type of a project? For example, webapp (backend/frontend), mobile, ect.
    • Are login and registration needed?
    • Is multi-factor authentication required?
    • For how many users?
    • And are users consumers or business users?
    • Are users within some protected network or should it work in internet?
    • Do you plan to have user management (e.g. admin UI) or users self-managing their account?
    • Should users have account? (stretching the scope with authz)
    • Is there need for role-based access control?
    • Are you looking for a commercial (including freemium) hosted service or open-source self-hosted one?
    • How much you are willing to invest money or time authentication e.g. learning how Identity servers works and how to operate them?

    I think you might get better candidates if giving some more details.

  7. 1

    Google Firebase Auth is a way to go.

  8. 1

    Using SuperTokens for session management. Initially planned to used express sessions but then ended up discovering SuperTokens library through a blog post. You can check it here: https://medium.com/hackernoon/the-best-way-to-securely-manage-user-sessions-91f27eeef460

    You can check their website also if you interested: https://supertokens.io/

  9. 1

    We just tried Okta and found it to be weirdly complicated for even simple tasks. Ended up just stripping it out and building it myself. Takes little time once you've done it a couple times and was way faster than dealing with Okta.

  10. 1

    For the project I'm working on (a mobile app) I'm using Amazon Cognito. But I'm just going full aws stack for the backend, so that made the most sense.

  11. 1

    IdentityServer4. I love it.

  12. 1

    currently using firebase auth in my project, while good, I want full control of the data and flow, so writing my own. I was also using firebase for a few other things in my app but migrating away from it, firebase auth would have a bigger advantage if you're using other firebase services like firestore. If you're using node on client side the firebase packages aren't small.

  13. 1

    If you are deploying your own, I have used Keycloak. It’s quite big but it does everything out of the box, and is OIDC and SAML compliant. The default templates are pretty awful though. I’m now considering https://github.com/ory/hydra, as well as online services. Hydra looks good because it implements the challenging bits (OIDC) but not the user management bits, and is Apache licensed.

  14. 1

    +1 for Firebase Auth

    Been using it for multiple apps for some time now and it works great. Not only the authorization by the user but also things like passing and verifying ID token, etc.

  15. 1

    +1 Firebase Auth

  16. 1

    I am currently using Firebase and even though it works well and it's easy to integrate, I've became aware of the fact that they don't seem to provide a straight forward way of migrating your users somewhere else. It feels like all of these auth services simplify your dev flow at the cost of locking you in.

  17. 1

    I'm using Google Firebase Auth - it has plenty of docs, community, and tutorials on how to get up-to-speed and rolling really quickly. It usually takes a day or two, if not a few hours to set it up.

  18. 1

    I use Alpas built-in authentication scaffolding. Alpas also has a module for social authentication via Google, Twiiter, and such. Quick and easy.

  19. 1

    Google Firebase Auth works great for my app's needs.

  20. 1

    In the past I also built my own authentication but it can be very complicated, tricky and error prone. For my current project I decided to go with auth0.com and I am loving it so far! However, as indiepanda already said their UI and documentation is a bit overwhelming in the first place.

  21. 1

    I'm currently building a niche dating website, and this is one of the things I'm researching for. I'm using passportJS to start with and I'll probably build my own later.

  22. 1

    Okta is great.

  23. 1

    I have a startup that uses auth0, but to be honest i'm not very happy with it. Mainly because of poor documentation and their art of explaining simple things in a complex manner.
    If I had to choose again I would use my own, either with passport.js or custom built.
    In that control is very important.