Web App Authentication
Posted by info_ailacs@reddit | learnprogramming | 10 comments
What does everyone use for user authentication when making apps? Do you handle it all monolithically, or outsource it to a microservice (yours or otherwise)?
Fajan_@reddit
This all depends on scale.
For small applications, using authentication within the application (JWT/Session based) is just fine.
As you grow, you tend to use dedicated auth services like auth0 or Firebase.
The most important factor here is that you don’t overengineer at the beginning.
Start simple, and extract when necessary.
info_ailacs@reddit (OP)
I've heard a lot of this. At first within the application, then they scale out.
dariusbiggs@reddit
OIDC with OAuth2 using Auth0. Trivial to do, and I don't have to deal with keeping the auth platform secure and up to date, so we can focus on the business product instead.
daReallG@reddit
BetterAuth is good
Dry-Hamster-5358@reddit
For most apps, keeping auth inside the main app is totally fine. The basic setup is usually sessions or JWT + password hashing, plus maybe OAuth (Google etc.). Microservice auth only makes sense when you're at scale or have multiple services sharing the same auth system;
otherwise it just adds complexity. A lot of people also use providers like Auth0, Clerk or Firebase to skip the headache. Depends on your needs, but simple > overengineered in most cases.
Ok_Assistant_2155@reddit
For side projects: Firebase Auth or Supabase Auth. It's free, handles OAuth providers, and I don't want to build password resets from scratch. For work: custom JWT with refresh tokens because compliance.
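The "sessions + password hashing" setup the two posts above call the simple in-app option, as an added example that is not code from any commenter: salted scrypt hashing, constant-time verification, opaque server-side session ids with expiry, and immediate revocation on logout. The in-memory dicts, the TTL and the scrypt parameters are assumptions standing in for real database tables and tuned settings.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed in-memory stores standing in for the app's users and sessions tables.
USERS: Dict[str, dict] = {}      # username -> {"salt": bytes, "hash": bytes}
SESSIONS: Dict[str, dict] = {}   # opaque session id -> {"user": str, "expires": float}
SESSION_TTL = 3600               # seconds; assumed value for this example

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted scrypt from the stdlib; the cost parameters are a baseline, not tuned advice."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def register(username: str, password: str) -> None:
    salt, digest = hash_password(password)
    USERS[username] = {"salt": salt, "hash": digest}

def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Verify the password in constant time and mint an opaque server-side session id.
    Returns the id, or None on failure (same code path for unknown user and wrong password)."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    # Hash against a dummy salt for unknown users so response time does not reveal valid names.
    salt = record["salt"] if record else b"\x00" * 16
    _, candidate = hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return None
    sid = secrets.token_urlsafe(32)          # high-entropy random id; nothing is encoded in it
    SESSIONS[sid] = {"user": username, "expires": now + SESSION_TTL}
    return sid

def current_user(sid: str, now: Optional[float] = None) -> Optional[str]:
    """Resolve a session id; unknown ids are rejected, expired ones are rejected and purged."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(sid)
    if sess is None:
        return None
    if sess["expires"] <= now:
        del SESSIONS[sid]
        return None
    return sess["user"]

def logout(sid: str) -> None:
    """Server-side revocation: the cookie value stops working immediately, unlike a bare JWT."""
    SESSIONS.pop(sid, None)
```

Because the session record lives on the server, revoking or expiring it takes effect at once, which is the property a stateless JWT setup has to re-create with refresh tokens and short lifetimes.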
AintNoGodsUpHere@reddit
Keycloak is the goat.
Others are problematic if you're small or medium and trying to cut costs. I find that Keycloak configuration is easy enough to be done once and never again.
Either-Signature-726@reddit
You can use OAuth 2.0 like the others mentioned, especially for larger projects. I personally used Facebook and Google OAuth in one of my projects, both are free to set up, you just need a developer account with each platform and the relevant libraries installed.
For smaller personal projects though, Firebase works as well. Alternatively, you can go with a free database service, set up your user tables, build a registration frontend, and handle credential checks through a mailing system (for example, you can use PHPMailer if you are using PHP; it is free, and you need to install its libraries as well).
Hope this helps!
itijara@reddit
As someone who manages a bespoke IDL for my job: don't make your own. It's not that you can't make it secure, it is just that the features you get out of the box from either vendors or third-party libraries will be all the things you need, and will include nice things like a management console, backups, SAML, PKCE, federated identity management, etc.
In any case, Auth0/Okta are good for larger companies, but for smaller projects you can look into Firebase Auth as it is a bit simpler. Keycloak is a popular self-hosted option, but I kinda hate it because of how clunky it is.
lawful_manifesto@reddit
Been using Auth0 for most of my projects lately, since managing password resets and all that stuff gets tedious fast. Tried building my own JWT setup once, but debugging session management issues while trying to meet client deadlines was a nightmare.
For personal projects though, I usually just go with Firebase Auth since it's pretty straightforward and handles the social login buttons without much hassle.