Should you Implement Authentication Yourself?

I discuss the pros and cons of using an authentication service like Auth0 or Amazon Cognito vs. implementing authentication yourself.


----
#benawad
Comments

Finally someone calling out Auth0 being confusing due to OAuth. Thank you!

stankokostic

Auth0 is the most expensive thing I've ever seen. Just yesterday I had a call with our CFO and 2 sales people from Auth0.
They wanted to charge us $500.000 per year. Essentially $1 per monthly active user per year.
And this price tag was already on a 66% discount. Usually they cost $3 per MAU per year (on the enterprise plan).

philipptanlak

This was a good summary for the topic. You should do a video on some of the high-high-level of what it takes to set up a complete "secure" website/server. Lots of unknown unknowns that make me worried about trying to get a project going that has any kind of sensitive data.

paulschneider

4:00 fuck, that mosquito was hard to watch

guiquintelas

Thanks for the shoutout Ben!
We are launching a cloud service for the whole Ory stack soon.
If you or anybody in the comments would like to test drive that, feel free to hit us up!

ORYAcademy

Auth0 and other managed services really shine where maintenance is involved in a project. They take care of trivial things at a fraction of your hourly rate so you can focus on features which actually matter.

Web_Club

I think we should be aware of things becoming commodities in the software industry. Then you can balance when to do it in-house, or when to buy it ready. For instance, you need to have MFA in your product. Buying an off-the-shelf solution will let the team focus on real customer value much quicker.

seidenada

put tiger balm on mosquito bites if they're itchy, works like a charm!

nickwoodward

Can we just take a moment to appreciate Ben's camera quality? I could see the blood moving through the mosquito's straw

ozdagap

I totally agree with you, we don't even know if they have their own implementation. Smaller ones maybe just use the same thing you would, but we must say that the ease of use is better.

ProgrammingwithPeter

Thanks! I scoured the internet, and I could not find content on this topic. DIY vs off the shelf authentication. Planning on doing the DIY route, but seems a lot of companies are invested in getting developers to hand off this responsibility.

habibmkhan

The risk of breaking GDPR or screwing up the authentication and getting hacked is just way too high for many businesses. Failing to meet GDPR is a maximum fine of £17.5 million or 4% annual turnover whichever is highest. This is a pretty big fine and I would not risk it just for a couple $$$ a month. Also it takes ages to code it yourself and then maintain that code. Why re-invent the wheel when these solutions exist and their sole focus is in protecting their customers? Imo the costs and features of these managed services outweigh the cons and we should leave it to the experts and instead use our time more effectively.

dandogamer

Implementing the constantly evolving auth protocols requires a lot of time making sure you are keeping up with the latest security best practices. I also found Auth0's definition of "active users" not too transparent and was especially fearful of setting up a website that allowed public registration for that matter. Personally I find that having an IAM like Keycloak available as a microservice is the best option in terms of cost/benefit and you are always free to choose between implementing custom auth on your projects or adding another realm to the IAM service.

SERV

Great video on this, I have felt the same about most of the things you've said and like you try not to re-invent the wheel and just use what is out there. They spend a lot of money and time on these things so you would hope these are way better and more secure than what we could roll on our own. Thanks

causecaos

All this "if you're a front end dev" or a "backend dev" but in the end we forget it's far more convenient for the user to have all accounts linked in one place.

rotselserv

I agree with him in regards to using open source software . . . and hosting it on your own server. Another thing he didn't cover is 2-factor authentication. I want to control how that 2-factor auth works. I'm strongly considering QR codes (with alternative text input).

caLLLendar

I wouldn't say cost doesn't matter, some of these services can cost ~$20,000 a year as soon as you leave the (only really good for dev) free tier

Edit: didn't wait 15 seconds for the next bit :P

Tiddle_s

I like your thought process and that is what most big companies do. They induce the fear to do business. Like AWS sells AWS certificates to make you think that you lose if you don't have one, or Auth0 sells security threats to make you sign up for them. I think they should give a fair picture rather than a biased one for people to choose.

amareshsat

It is most likely always "... stored on someone else's server" (6:13), except if you operate your own server @home or in your own data center.

AnsgarHugo

I am working on an app and faced this crossroads. I have set up my own Auth stuff on Node, but decided for my project to use Auth0 in the end. But, I can see where it's kinda hard to decide. I had a lot of people tell me not to roll my own.

SteelVoltagerpg