Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@neeno
I would recommend going with Auth0 or Firebase Auth if you have a real world use case. I've rolled my own authentication several times early in my career and it can turn from week to months of works and still not be as secure. Security is hard. Unless you're approaching this from a purely educational perspective to learn about cryptography etc, I would suggest using a security service. There are many articles and blog posts written by the companies themselves about the various aspects of authentication, depending on your use case. In my experience, Auth0 has been a neccesary pain in the arse for many of the companies I've worked for. For my personal projects, I've found Firebase Auth simpler
Sorry if that doesn't answer your question. If you just want to roll one anyways, just find articles describing auth implementations in the language you already know. The concepts will be similar. The best way to learn is to try to implement one. Good luck -
neeno31484y@parliament718 I actually found a few articles and got a rust crate to deal with JWTs. Setting everything up was easy and it works, but now I realize there's tons of stuff I still need (e.g. refresh tokens) and I've decided to go with an already built solution (more secure, less work for me). I'm staying away from auth0 because they're pretty expensive, so I might go with firebase.
Thanks for the insight!
Related Rants
-
xonya30** The most hilarious authentication implementation I've ever seen ** They stored password in cleartext, but ...
-
linuxxx39I get that fingerprint authentication is very convenient but I'd never use it (not even for privacy reasons th...
-
gosubinit10Protecting credentials from eavesdropping using HTTP Basic Authorization header:
Any recommendations on resources that teach how to build a secure email/password authentication system? I'm looking for something language/framework agnostic, I want to understand the process, why stuff is done the way it's done, and implement it in Rust.
I've been searching but all I can find are some rather shallow posts from companies trying to sell their authentication services. I have zero knowledge on how cryptography and hashing works, I'm pretty lost on what to use and how to use it.
question
authentication
recommendation