What's the easiest way to put authentication into a website

roger profile image Roger Stach ・1 min read

I usually just use PHP & MySQL, but I would like to know the modern way to create it. Probably with MongoDB or some fancy JavaScript framework.


markdown guide

Passport is solid and decently easy to set up if you're using Express (there are independent modules for other frameworks like koa) and don't have anything especially outré in your user model.

Or if you want to use OAuth, there's Grant. But I haven't used that one.


Auth0 comes to mind—Auth as a service. I haven't used it, but it definitely has the potential to take a lot off your plate and will likely integrate well with the fancy JS framework of your dreams.


I implemented it a few months ago and it was kind of easy to setup and a very powerful service.
But I think that it's a good thing to know how to setup at least basic HTTP and JWT Authentication itself before using a Saas for authentication. For example, JWT Auth implementation isn't simple and a bad implementation can lead to security issues on both server and client side. So, implementing the solution by himself is a good way to learn how it works and to learn the best pratices. ;)


What does dev.to use for it's authentication?


Twitter and/or Github oauth2 based on how you can create your dev.to account.. :)


Meteor (JavaScript framework that uses Mongo) has auth built in which makes life super easy! I have found auth in Express kind of tricky but that could just be for my specific purposes. I also love Django (Python) which also has auth out of the box!


I think using Meteor to do authentication is overkill, express and passport are great, especially for learning how things work, but I think the most effective way is not reinventing the wheel, Auth0 does the job perfectly.


That might be true but it's worth knowing about it that makes picking Meteor as a general solution more appealing.

I totally agree with you on that.


As a .NET developer and for my personal projects I feel you can't go wrong with good old ASP.NET Identity. I'm not sure how well it scales to larger projects however.