DEV Community

Discussion on: Should I prioritize authentication first in my project than its core functionalities?

Joseph Moore • Edited

My advice: integrate authentication early, but don't reinvent the wheel. Find an OSS solution (Hydra looks interesting) or SaaS provider (like Auth0) that can handle the hard parts for you. It's really easy to mess up something as complex and important as authentication.

One approach that's worked well for me is to find some sort of simple, extensible middleware (like Passport in Node or PAC4J in Java) that can abstract away authentication (and possibly authorization too). Then, I add it to my project, with the most basic setup possible (like using HTTP Basic Auth against a hard-coded list of usernames and password hashes). Then, I work on implementing some of my core services. When I get to the point that someone else might want to call the service (like an alpha or beta user), I deal with the more complicated configuration necessary to add in a full-featured authentication engine.

I will say, though, that if you go with something like Auth0, you can skip the "basic setup" part, since integrating with those types of services is usually quite simple.
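The "most basic setup" described in the comment above (HTTP Basic Auth against a hard-coded list of usernames and password hashes), as an added example that is not part of the original comment. It uses only Node's built-in `crypto` module rather than Passport; the choice of scrypt, the helper names, and the sample user and password are assumptions constructed for illustration.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Produce a "salt:hash" record; its output is what gets hard-coded.
function hashPassword(password, salt = randomBytes(16)) {
  const hash = scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Constant-time check of a password against a "salt:hash" record.
function checkPassword(password, record) {
  const [saltHex, hashHex] = record.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return timingSafeEqual(actual, expected);
}

// Constructed sample table. In a real project, commit only the record
// strings printed by hashPassword(), never the passwords themselves.
const USERS = new Map([['alice', hashPassword('correct horse')]]);
// Checked for unknown users so they cost the same time as known ones.
const DUMMY = hashPassword(randomBytes(16).toString('hex'));

// Returns the authenticated username, or null.
function authenticate(header, users = USERS) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep < 0) return null;
  const user = decoded.slice(0, sep);
  const ok = checkPassword(decoded.slice(sep + 1), users.get(user) || DUMMY);
  return ok && users.has(user) ? user : null;
}

// Connect/Express-style middleware: 401 with a challenge, or call next().
function basicAuth(users = USERS) {
  return (req, res, next) => {
    const user = authenticate(req.headers.authorization, users);
    if (!user) {
      res.statusCode = 401;
      res.setHeader('WWW-Authenticate', 'Basic realm="dev", charset="UTF-8"');
      return res.end('Unauthorized');
    }
    req.user = user;
    next();
  };
}
```

Because the route handlers only ever see `req.user`, this middleware can later be swapped for a full-featured provider without touching the core services.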