Comments
-
Set up okta. By the time you exceed the base user count, you should be making enough money to afford it and have enough data to determine if it's worth your time to do so.
If you just want to learn OIDC, you can implement your own, but in general it's not a valuable exercise.
-
Research Auth0. I've implemented their authentication on my own project and it seems very legit; you just have to read through the docs and it's relatively easy to implement.
-
@SortOfTested Thanks! I'll definitely look into Okta. But why do you think it's not a valuable experience to implement my own? Is it because it isn't in-demand in the industry?
-
@specialCardinal
It's been done so many times, in so many ways there's no need to reinvent the wheel. All you need to understand are the surrounding concepts like grants, claims, scopes, flows, clients, etc.
-
@specialCardinal I think it's an easier and more secure way to implement it, and you don't have to worry about scalability. Big companies such as Atlassian rely on the Auth0 authentication service.
-
@SortOfTested Ah yes, what I meant by implementing my own auth server is using an OIDC-certified provider library, not actually programming everything from the ground up.
@juanchdzl Auth0 looks similar to the service provided by Okta. I'll look into it as well, thanks!
I've been planning a startup project for months now. Then, what was a supposedly simple quest of finding out whether session-based or token-based authentication is better has become a question of whether I should set up my own OpenID Connect (OIDC) auth server or stick to simpler methods.
I've already spent almost a week learning OAuth2 and OIDC, and I can't tell whether this route is overkill for my use case. (Or that I just don't want to admit I'm falling into the shiny tech trap.)
How about you guys, how would you approach authentication? JWT/JWE? Sessions?
question
authentication
openid