DEV Community


How are you handling User Authentication?

Jared ・1 min read

Here are some of the options that I know of to handle user authentication for apps:

  • hand rolled user authentication system
  • hand-rolled using a plugin (e.g. passport.js)
  • using an outside service (e.g. Auth0 or AWS Cognito)

I currently use passport.js, but I don't like it, and adding in social logins is complicated and annoying.

I'm currently shopping for a better solution to this problem.

Thoughts?

Discussion (25)

Danny Perez

Keycloak is a decent open source option that you can self host. Gives you all the benefits of a full blown auth system without a price tag. We use it at $dayJob.

For hosted solutions, Auth0 or Okta. While okta appeals to enterprises, they have an auth product for your consumer apps similar to Auth0.

Jared Author

Have been leaning towards Auth0 for awhile. Any thoughts on one over the other?

Danny Perez

Use Auth0 if you want to pay someone else to run it and be on call for it. Use Keycloak if you want to run it and be on call for it.

Otherwise, they all have a similar feature set.

Jared Author

Best summary 👍🏼

mikeyGlitz

An advantage of Keycloak is that you can also federate logins with AD/LDAP, social media login, Kerberos, OAuth, etc. There's also a Docker container for it.

Jared Author

Awesome. Thanks for the info!

Eddie • Edited

I use three levels depending on the user / customer.

Consumer

  • Direct account - rolled my own using sessions as the primary method and JWT as an alternative. Used argon2 as the hashing algorithm. You'll need account creation, e-mail validation using some kind of temporary token/url, integration with trusted e-mail service like SES.
  • Social login - have only implemented Google at this time. It is not too complicated, but it does take some time to figure out at first.

Enterprise

  • Federated login using SAML - If you're building for enterprise, this is a must so that you can integrate with their internal directory service.

Another 3rd party that you may be interested in is Okta.

Jared Author

Thanks for the feedback! It's not an enterprise app, so Okta is a bit of overkill, but it is a nice solution. Just expensive.

jerry hopper • Edited

Have a look at FusionAuth, it's a free full-blown auth solution.
I'm running an instance on a 2 GB VM, with a couple of hundred users.
OAuth, OpenID, SAML - everything you need.

Did I mention it's free?

Jared Author

awesome, thanks!

Kevin Ard • Edited

I like rolling my own JWT service. Of course, it's more work - but, like all things, you'll find a better product this way.

If you're greenfield and GQL is on the table, I had an AMAZING experience with Prisma. I went from vacant project dir to production-ready JWT auth in... 5-ish minutes.

Jared Author

Cool! Been messing around with Prisma lately. May choose that for the next project for sure 👍🏼

Misir Jafarov

I'm using IdentityServer + AspNet Core Identity.

Jared Author

Is that just a .net thing?

Cristina Ruth

I've tried Google Firebase and Amazon Amplify. Amazon has a default UI it comes with but Firebase doesn't. 🙂

Jared Author

Sweet, may give Amplify a go 👍🏼

Seanmclem

Firebase has some UI libraries you get on npm. Or check out on GitHub. They have plain JS versions and some framework specific ones. But I don't think they are officially supported by Firebase or anything they're just community libraries.

Jared Author

Cool cool. Thank you!

niyasrahman

AWS Cognito

Jared Author

Got any resources?

Nick Bolles

Accounts js is a cool, very modular library based on the meteor accounts module.
It's a pretty good balance of home grown vs SaaS and has plugins for OAuth, Auth0 (I think?), and many more coming.

Jared Author

Sweet! I'll check it out.

Cleriston

I played with both and Cognito has a major security issue.

medium.com/javascript-in-plain-eng...

Jared Author

That's a fantastic article. Thanks for sharing! Not having a backup is a pretty big deal.