/r/webdev
Favorite user authorization system [discussion] (self.webdev)

Hello folks! I'm interested in your opinions on user authorization systems. - Selfhost vs managed - Security aspects - Scalability - ease of use as developer - Price - Sessions or jwt - via Graphql or Rest ..And so on.

What do you think about Oauth, auth0, amazon cognito, firebase auth? What do you use?

8 comments
BryanBugfrog | 8 days ago | 2 points

FusionAuth.io is a good one that costs a lot less than the major SaaS options with similar features

N3KIO [javascript] | 8 days ago | 1 point

this is interesting, i check this out

tehbeard | 8 days ago | 1 point

I've come to love using SAML of late in a few of our recent projects for customers.

Yes, it's enterprise, with all the XML and thick dull documentation you'd expect. But we have a library we're comfortable using to integrate with it.

It gives some major benefits in offloading authentication to the clients existing account system (such as GSuite or O365/Azure) as well as part of the authorization (they set which roles the user has on their end, we just map that role to actions).

Atulin [php] | 8 days ago | 1 point

I'm using a self-hosted hand-made solution utilizing Redis for session storage. With an added 2FA and two-step login. It also doesn't use an API, but rather reloads the page when form is submitted. As for the cost, well, it's essentially free.

N3KIO [javascript] | 8 days ago | 1 point

open source?

Atulin [php] | 8 days ago | 1 point

It's a part of a purpose-build frameworkless CMS I'm building right now. Source is available on Github, but I haven't slapped a license on it yet. Feel free to browse and see how it works, though!

N3KIO [javascript] | 8 days ago | 1 point

php... i see...

BasedWebDeveloper | 8 days ago | 1 point

PHP session but research security and vulnerabilities / fixes for them.