Ask HN: What do you use to build auth? A library, a provider, writing your own?

• Sandstorm

  51 6,668 5.4 JavaScript

  Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.

  

I build my apps on Sandstorm[1]_. Sandstorm provides authentication as a part of the platform. For Django applications, I wrote Django Loves Sandstorm[2]_.

If your application fits into Sandstorm's model of grains[3], then the security benefits of Sandstorm are many.

.. [1] https://sandstorm.io/

• proof.im

  1 3 2.1 Ruby

  Zero-Trust Signature Based Proof of Identity

I'm exploring a signature-based authentication scheme here: https://github.com/jshawl/proof.im

At a high level:

1. Claim and prove ownership of a public key

• Scout Monitoring

  www.scoutapm.com featured

  Free Django app performance insights with Scout Monitoring. Get Scout setup in minutes, and let us sweat the small stuff. A couple lines in settings.py is all you need to start monitoring your apps. Sign up for our free tier today.

  

• SuperTokens Community

  114 12,070 9.2 Java

  Open source alternative to Auth0 / Firebase Auth / AWS Cognito

  

I'm currently working on a project with the same stack: NextJS + Prisma + Postgresql and I started to implement this open source auth library:

https://supertokens.com/

Here is the documentation for implementing the library with NextJS:

https://supertokens.com/docs/thirdpartyemailpassword/nextjs/...

• django-sesame

  5 949 5.9 Python

  "Magic Links" - URLs with authentication tokens for one-click login

• nextjs-hello

  1 4 0.0 TypeScript

  Next.js SDK for signing in with Hellō

I built a Next.js library for this purpose using Hellō and iron-session. This lets me roll a new application with social login without needing to register with Google/Apple/other providers.

https://github.com/irrelevelephant/nextjs-hello

Its interface is essentially just a login button component, and functions to retrieve the user session state on both the client/server.

If you're not using Next.js, you may want to use Hellō directly - it's a simple OIDC provider with some convenient benefits.

https://www.hello.dev/

• django-allauth

  44 9,021 9.8 Python

  Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

• zitadel

  80 7,362 9.8 Go

  ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.

  

Disclaimer I work at ZITADEL and am one of the co-founders.

We always recommend not building auth by yourself. In the first place it may look simple like its only two input fields and a button (username, password), but to get a really secure solution its a lot more to do. You might need some more authentication methods like passwordless, mfa or identity brokering with google, microsoft, etc.

With ZITADEL we built a solution that combines best of Auth0 (great SaaS solution) and Keycloak (opensource). We believe that a cloud SaaS solution is great to go if its possible to use a cloud solution, but there are always lots of on-prem use cases, thats why we are opensource. https://github.com/zitadel/zitadel

ZITADEL is also focused on B2B usecases, so you can have multi tenancy really easy.

If you have any questions just let me know.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project