Jared

Posted on Oct 16, 2019

How are you handling User Authentication?

#discuss #webdev #javascript #node

Here are some of the options that I know if to handle user authentication for apps:

hand rolled user authentication system
hand-rolled using a plugin (e.g. passport.js)
using an outside service (e.g. Auth0 or AWS Cognito)

I currently use passport.js, but I don't like it, and adding in social logins is complicated and annoying.

I'm currently shopping for a better solve for this problem.

Thoughts?

Top comments (24)

Danny Perez • Oct 16 '19

Keycloak is a decent open source option that you can self host. Gives you all the benefits of a full blown auth system without a price tag. We use it at $dayJob.

For hosted solutions, Auth0 or Okta. While okta appeals to enterprises, they have an auth product for your consumer apps similar to Auth0.

Jared • Oct 17 '19

Have been leaning towards Auth0 for awhile. Any thoughts on one over the other?

Danny Perez • Oct 17 '19

Use Auth0 if you want to pay someone else to run it and be on call for it. Use Keycloak if you want to run it and be on call for it.

Otherwise, they all have a similar feature set.

Jared • Oct 17 '19

Best summary 👍🏼

mikeyGlitz • Oct 17 '19

Advantages of keycloak is you and also federate logins with AD/LDAP, social media login, Kerberos,OAUTH, etc. There's also a Docker container for it.

Jared • Oct 17 '19

Awesome. Thanks for the info!

Eddie • Oct 16 '19 • Edited

I use three levels depending on the user / customer.

Consumer

Direct account - rolled my own using sessions as the primary method and JWT as an alternative. Used argon2 as the hashing algorithm. You'll need account creation, e-mail validation using some kind of temporary token/url, integration with trusted e-mail service like SES.
Social login - have only implemented Google at this time. They are not too complicated, but does take some time to figure out at first.

Enterprise

Federated login using SAML - If you're building for enterprise, this is a must so that you can integrate with their internal directory service.

Another 3rd party that you may be interested in is Okta

Jared • Oct 16 '19

Thanks for the feedback! Its not an enterprise app, so Okta is a bit of overkill, but it is a nice solution. Just expensive.

jerry hopper • Oct 16 '19 • Edited

Have a look at fusionauth, its a free fullblown auth solution.
im running a instance on a 2gb VM, with a couple of hundred users.
Oauth, openid, saml - everything you need.

did i mention its free?

Jared • Oct 17 '19

awesome, thanks!

Comment deleted

Jared • Oct 17 '19

Is that just a .net thing?

Cristina Ruth • Oct 16 '19

I've tried Google firebase and Amazon Amplify. Amazon has a default UI it comes with but firebase doesn't. 🙂

Jared • Oct 16 '19

Sweet,may give Amplify a go 👍🏼

Seanmclem • Oct 16 '19

Firebase has some UI libraries you get on npm. Or check out on GitHub. They have plain JS versions and some framework specific ones. But I don't think they are officially supported by Firebase or anything they're just community libraries.

Jared • Oct 17 '19

Cool cool. Thank you!

Kevin Ard • Oct 17 '19 • Edited

I like rolling my own JWT service. Of course, it's more work - but, like all things, you'll find a better product this way.

If you're greenfield and GQL is on the table, I had an AMAZING experience with Prisma. I went from vacant project dir to production-ready JWT auth in... 5-ish minutes.

Jared • Oct 17 '19

Cool! Been messing around with Prisma lately. May choose that for the next project for sure 👍🏼

niyasrahman • Oct 17 '19

AWS cognito

Jared • Oct 17 '19

got any resources?

Nick Bolles • Oct 17 '19

Accounts js is a cool, very modular library based on the meteor accounts module.
It's a pretty good balance of home grown vs Saas and has plugins for oauth, auth0 (I think?) And many more coming.