DEV Community


Discussion on: A Guide to Securing Node.js Applications

ecyrbe

I would argue that many things you list are controversial.
First, not everybody is building secured services on the cloud, and many developers are building in enterprise private infrastructures.

For many of us:

  • exit social auth, but use OpenID Connect on your validated provider (in enterprise there's a chance you have one if you are in a medium or big company). But the result is the same, decoupling the authentication stack from your code is better. You finally only need to validate a JWT.
  • exit authress, I think you are biased, because it's your product. Try to detach yourself when giving advice. This service, to be honest, sounds like a horrible idea. I prefer building my own IAM on top of an open source one than using a service like that.