Every application with user roles requires an authentication feature. Whether it is the good old username with a password or passwordless login, creating and maintaining it takes some time and effort.
If you have enough time and budget to build an authentication and authorization process, then go for it.
The problem with this approach is that you cannot scale or it can consume your time and take extra effort for every project.
Back in 2010, at my first job, we were creating custom CMS using PHP and MySQL.
Though we had version control, every developer on the agency had their own variation. It took at least a few hours to alter database schema, user meta, etc, and refactor the code for each and every project.
I secretly wished to use a unified solution for this. This also poses security threats as well, some old versions of the software needed some love which they deserved.
On the whole, it was a painful developer experience.
Think about spending more time on the authentication itself, instead of building the other features of the application!
Bringing your own authentication is not a feasible and best way to develop apps in my opinion. Would love to hear your thoughts on the comments.
With the rise of open-source CMS, the time to build an app got reduced. Instead, we all focused on the customization.
There is no good or bad CMS, as long as it comes with the features you need and it allows you to customize.
Over the years, I had the chance to work with WordPress, Drupal, Magento, and PrestaShop-based projects.
For some projects just adding the client’s logo and colors to the login page is enough, others required adding user roles and capabilities etc.
Gone are the days with monolithic CMS, we are now using microservices and headless apps.
Instead of building or customizing an existing one, we can now plug and play authentication.
This also removes the security related issues as they will be taken care of by the auth provider.
Most of the auth providers in the market come with extendable features.
After trying few auth providers, I have started using Auth0 for both hobby and client projects too.
Authentication is an important part of any application, but it should not take much time and efforts. Don’t reinvent it, find a solution that suits your needs and allows you to customize.
Auth0 comes with generous user limit of 7K monthly active users for its free tier, which is more than enough for a start.
I also like the ease of usage, developer experience and active user community.
Enough of recommendation, check out other auth providers too and chose the right one for you.