DEV Community

Discussion on: How are you handling User Authentication?

Eddie • Edited

I use three levels depending on the user / customer.

Consumer

  • Direct account - rolled my own using sessions as the primary method and JWT as an alternative. Used Argon2 as the hashing algorithm. You'll need account creation, e-mail validation using some kind of temporary token/URL, and integration with a trusted e-mail service like SES.
  • Social login - have only implemented Google at this time. They are not too complicated, but do take some time to figure out at first.

Enterprise

  • Federated login using SAML - If you're building for enterprise, this is a must so that you can integrate with their internal directory service.

Another 3rd party that you may be interested in is Okta.
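
Added example, not part of the comment above or of any project's code: one way to implement the temporary-token e-mail validation it mentions, using only the Python standard library. The class name, the one-hour lifetime and the in-memory dictionary (standing in for a database table) are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumption: verification links stay valid for one hour


class EmailVerifier:
    """Issues and redeems single-use e-mail verification tokens (hypothetical helper)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        # Maps sha256(token) -> (email, expires_at). Only the hash is stored,
        # so a leaked table does not yield usable verification links.
        self._pending = {}
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def issue(self, email):
        """Return the raw token to embed in the e-mailed URL."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Invalidate earlier tokens for this address so only the newest link works.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        self._pending[self._digest(token)] = (email, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the verified address, or None if unknown, expired or already used."""
        # pop() makes the token single use, whether or not it is still in date.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return email


if __name__ == "__main__":
    verifier = EmailVerifier()
    raw = verifier.issue("user@example.com")  # constructed sample address
    print("link token:", raw)
    print("first redeem:", verifier.redeem(raw))
    print("second redeem:", verifier.redeem(raw))
```
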

Jared

Thanks for the feedback! It's not an enterprise app, so Okta is a bit of overkill, but it is a nice solution. Just expensive.

jerry hopper • Edited

Have a look at FusionAuth, it's a free full-blown auth solution.
I'm running an instance on a 2 GB VM, with a couple of hundred users.
OAuth, OpenID, SAML - everything you need.

Did I mention it's free?

Jared

Awesome, thanks!