I would like a magic link to email + long time bearer cookie. Extremely simple. Email is used for recovery anyway. Is there any deal-breaking downside to that? Is it worth using e.g. Google to prevent abuse of e.g. excessive free tier account creation or spammers?<p>Use case: SaaS for non-techies on desktop, international audience with payments for premium service.
My biggest struggle with projects right now is how to handle auth. Sure, hashing a password and pairing it with an email is easy in theory, but there are bad actors with zero days for any db/backend I’d want to use and they can practice all they want on my app as it sits on a server exposed to the world 24/7.<p>I’m going with trying out Firebase auth for the Express apps I’m building now, but this makes me even more inclined to check out Go when I’m finished with this latest project.
It looks like this uses JWT, which was discussed here a few days ago: <a href="https://news.ycombinator.com/item?id=33019960" rel="nofollow">https://news.ycombinator.com/item?id=33019960</a>
It looks fairly well thought out. I can imagine myself adopting it for internal sites (e.g., auth against corp Okta).<p>Does anyone have any experience with it? It's been a while since I've really dived into authentication best practices, so I don't want to comment on implementation quality. The interface looks nice enough to use.
Apart from this and <a href="https://github.com/python-social-auth" rel="nofollow">https://github.com/python-social-auth</a>, which languages have such meta-libraries providing a uniform interface to authentication through a lot of social platforms?
Shameless plug, but I built a thing[0] that lets you set up auth in 2(!) steps after you've signed up.<p>It's not free, but it's VERY easy to use/complete setup, supports regular auth (username/pw, email), and has support for a <i>lot</i> of providers (especially Twitter with its dreaded OAuth 1.0 setup), and it's probably the easiest to get started with.<p>Try it out for free, send me an email (see profile) and I'll get you set up or discounted.<p>[0]: <a href="https://waaard.com/for/login" rel="nofollow">https://waaard.com/for/login</a>
This title is interesting, because "Auth" (Authoritarian) and "Lib" (Liberal/Libertarian) are both used to denote opposite ends of the vertical axis of the "political compass."