Any recommendations on resources that teach how to build a secure email/password authentication system? I'm looking for something language/framework agnostic, I want to understand the process, why stuff is done the way it's done, and implement it in Rust.

I've been searching but all I can find are some rather shallow posts from companies trying to sell their authentication services. I have zero knowledge on how cryptography and hashing works, I'm pretty lost on what to use and how to use it.

  • 0
    @shakur auth0?
  • 1

    I would recommend going with Auth0 or Firebase Auth if you have a real world use case. I've rolled my own authentication several times early in my career and it can turn from week to months of works and still not be as secure. Security is hard. Unless you're approaching this from a purely educational perspective to learn about cryptography etc, I would suggest using a security service. There are many articles and blog posts written by the companies themselves about the various aspects of authentication, depending on your use case. In my experience, Auth0 has been a neccesary pain in the arse for many of the companies I've worked for. For my personal projects, I've found Firebase Auth simpler

    Sorry if that doesn't answer your question. If you just want to roll one anyways, just find articles describing auth implementations in the language you already know. The concepts will be similar. The best way to learn is to try to implement one. Good luck
  • 1
    @parliament718 I actually found a few articles and got a rust crate to deal with JWTs. Setting everything up was easy and it works, but now I realize there's tons of stuff I still need (e.g. refresh tokens) and I've decided to go with an already built solution (more secure, less work for me). I'm staying away from auth0 because they're pretty expensive, so I might go with firebase.

    Thanks for the insight!
Add Comment