But... what if it is? :(
EdoPhoenix153784d
But what if all current auth solutions are utter shit *ehem* node *ehem*
Well of course it's not.
Not by itself.
The auth is what MAKES it special :)
bahua1245684d
I made my own auth for my ledger web app. It stores a hash of the password in an encrypted backend. I'm pretty proud of it. That said, only I use the app. I didn't write it with the intent of anybody else using it. Another app I wrote uses a module that interfaces with corporate AD to check passwords. I wrote the code that handles the sessions and cookies, but I leave the storage of credentials to the company.
linuxxx15298084d
I'd rather not let clients/users sign in through mass surveillance integrated services (Facebook, Google and such) so that rules out a lot and I can't be 100 percent sure that every other auth service does hashing and whether or not they properly secure their shit.
Therefore I choose to do it myself. Am I saying that I'm better at this than huge ass companies? Definitely not (per definition), it's just that I have a hard time trusting companies/external parties with this data and next to that, if they have an outage...
EdoPhoenix153784d
Another good reason why you should write your auth yourself is that it won't be deprecated by some 3rd party.
reij48484d
Nothing is ever going to be special if you don't claim it
Root5838783d
Roll your own crypto?
Roll your own auth?
Why not? It's not exactly difficult. Do you roll your own leftpad, or let someone else handle that, too?
There's really a need for a middleman 'one and done' SSO service, that anyone can use as an API on their website, to decouple usernames from Facebook/Google/Microsoft/Twitter profiles.
It would go a long way, or at least be a big step to taking back our privacy from these megacorps.