Hey everyone. I’ve been researching for the past few months about authorization. I’ve read articles about how difficult it can be to build your own. I was wondering if that is true? If any of you are facing the same problem, I would love to know your thoughts and experience in building one. Thanks.
Top comments (3)
It depends on what you mean by Authorization System. Are you talking about backend auth, front end auth or both? It also depends on the platform and system you're going to use it with.
In general, I'd say it's not as easy as it might seem. Making a basic auth system can be quite straightforward; making it robust and secure is another thing. It also depends on the features you want to have, the type of auth, using tokens or cookies, can the session be shared across subdomains, do you want 2FA, etc...
So yeah, it's kinda non-trivial to do it well, and quite easy to build it wrong.
You could just use Magic - It comes with integrated registrations, double opt-in of emails, configurable extra fields, authentication and authorisation - The whole shebang basically ^^
If your objective is one system to use for authentication and authorization in your app, I recommend using Keycloak as an enterprise solution for this purpose.
keycloak.org/