artie-codecrafter
@artie-codecrafter

You know, I really don't wanna bother with OAuth right now.
But also I don't wanna tell my potential users (all 3 of them) "hey, I migrated to a different auth, all your passwords are now reset" mostly for the sake of adding Google login sometimes.
Why OAuth so heckin hard.


artie-codecrafter
@artie-codecrafter

Screw that. I'm not gonna let some birdsite influencer push me into overcomplicating my project.
For an MVP, I think, simple password-based auth is fine.
I would want fancier stuff later, and I can just use an OAuth2 library to add other auth providers.

For now at least, I do not foresee a need to bother with a centralized SaaS solution.


in reply to @artie-codecrafter's post:

I wouldn't call this "advice," because I barely understand our requirements (new job and all), let alone yours, but the thing that I work on ended up going with AWS Cognito for authentication, because my predecessor pointed out (as I probably would have) that (a) it at least presents an OAuth-like profile that makes it replaceable later, and (b) we don't have the capacity to maintain our own security.

So, yeah, early stages, just hash and salt a password. Or if you want to be a weirdo (I'm always tempted), there's always SQRL.