科技回声

8 条评论

klabb3超过 2 年前

I would like a magic link to email + long time bearer cookie. Extremely simple. Email is used for recovery anyway. Is there any deal-breaking downside to that? Is it worth using eg Google to prevent abuse of e.g. excessive free tier account creation or spammers?Use case: SaaS for non-techies on desktop, international audience with payments for premium service.

评论 #33064759 未加载

7speter超过 2 年前

My biggest struggle with projects right now is how to handle auth. Sure hashing a password and pairing it with a n email is easy in theory, but there are bad actors with zero days for any db/backend I’d want to use and they can practice all they want on my app as it sits on a server exposed to the world 24/7.I’m going with trying out firebase auth for the express apps I’m building now, but this makes me even more inclined to check out go when I’m finished with this latest project.

评论 #33063048 未加载

评论 #33062430 未加载

评论 #33062129 未加载

评论 #33061816 未加载

评论 #33064777 未加载

评论 #33063097 未加载

评论 #33061641 未加载

kyrra超过 2 年前

It looks like this uses JWT, which was disgust here a few days ago: <a href="https://news.ycombinator.com/item?id=33019960" rel="nofollow">https://news.ycombinator.com/item?id=33019960</a>

评论 #33061901 未加载

chrsig超过 2 年前

It looks fairly well thought out. I can imagine myself adopting it for internal sites (e.g., auth against corp okta)Does anyone have any experience with it? It's been a while since I've really dove into authentication best practices, so I don't want to comment on implementation quality. The interface looks nice enough to use.

评论 #33062863 未加载

评论 #33061480 未加载

valyagolev超过 2 年前

Apart from this and <a href="https://github.com/python-social-auth" rel="nofollow">https://github.com/python-social-auth</a> , which languages have such meta-libraries providing uniform interface to authentication through a lot of social platforms?

评论 #33062243 未加载

评论 #33063113 未加载

评论 #33067468 未加载

评论 #33065396 未加载

dolmen超过 2 年前

I stopped reading when I saw "JWT".

hardwaresofton超过 2 年前

Shameless plug, but I built a thing[0] that lets you set up auth in 2(!) steps after you've signed up.It's not free, but it's VERY easy to use/complete setup, supports regular auth (username/pw, email), and has support for a lot of providers (especially twitter with it's dreaded OAuth 1.0 setup), and it's probably the easiest to get started with.Try it out for free, send me an email (see profile) and I'll get you set up or discounted.[0]: <a href="https://waaard.com/for/login" rel="nofollow">https://waaard.com/for/login</a>

ralusek超过 2 年前

This title is interesting, because "Auth" (Authoritarian) and "Lib" (Liberal/Libertarian) are both used to denote opposite ends of the vertical axis of the "political compass."

评论 #33061856 未加载

评论 #33061774 未加载

评论 #33062135 未加载

8 条评论

klabb3超过 2 年前

评论 #33064759 未加载

7speter超过 2 年前

评论 #33063048 未加载

评论 #33062430 未加载

评论 #33062129 未加载

评论 #33061816 未加载

评论 #33064777 未加载

评论 #33063097 未加载

评论 #33061641 未加载

kyrra超过 2 年前

It looks like this uses JWT, which was disgust here a few days ago: <a href="https://news.ycombinator.com/item?id=33019960" rel="nofollow">https://news.ycombinator.com/item?id=33019960</a>

评论 #33061901 未加载

chrsig超过 2 年前

评论 #33062863 未加载

评论 #33061480 未加载

valyagolev超过 2 年前

评论 #33062243 未加载

评论 #33063113 未加载

评论 #33067468 未加载

评论 #33065396 未加载

dolmen超过 2 年前

I stopped reading when I saw "JWT".

hardwaresofton超过 2 年前

ralusek超过 2 年前

This title is interesting, because "Auth" (Authoritarian) and "Lib" (Liberal/Libertarian) are both used to denote opposite ends of the vertical axis of the "political compass."

评论 #33061856 未加载

评论 #33061774 未加载

评论 #33062135 未加载

Go Auth Lib

8 条评论

Go Auth Lib

8 条评论