What auth do you use? Why?

3 points by CGamble26 ↗ HN
For example, Sign up/Login with Google/Apple etc, magic links, and/or one time passcodes.

6 comments

[ 1.7 ms ] story [ 33.9 ms ] thread
I've used jwt with react, making sure to secure the token properly. In my next project I want to use openid so users don't have to manually create a new account.
How long did that take you to build?
For anything serious password + WebAuthn MFA with Ory Kratos. It lets me choose any method really, can be self-hosted or used as SaaS.

IMO it's almost always good to offer some OIDC social login, just depends what provider your users use.

- https://github.com/ory/kratos

This may be a dumb question but, why couldn’t applications just use Webauthn? Why add passwords?
The only reason probably if some accounts already have a password and you want to support it. If you're building a new app, I'd also go for WebAuthn / passkeys-only and use some other passwordless method (e.g. social login/OIDC or email magic links as fallbacks)
Ok understood, thank you very much!