Ask HN: What do you use for an authenication/authorization solution
I’m working at an early pre seed startup and building out the product. Every time I visit implementing Identity, I struggle with a good solution. Building it in house is costly and fraught with potential errors, but platforms like Auth0 charge an exorbitant amount per user that’s difficult to do at an early stage of a company. I’m curious to what other people are using in their products.
9 comments
[ 121 ms ] story [ 662 ms ] threadCons: difficult (sometimes impossible) to customize, password complexity can't be set (6-letter passwords allowed, wtf), and worst of all - it's Google, so expect appropriate level of care from the company (read: none). Definitely planning to switch out when/if there is traction, but for an early MVP I found it to be quite decent.
This is more complicated yes, however you are less likely to end up in a situation where a core identity provider unreasonably raising their rates results in either a significantly higher cost-per-user or significant user attrition during provider account migration.
Or if you’re less risk averse just pick a major identity provider such as Auth0 and use their free plan for getting started easily. Many major providers offer “easy” migration away from their competitors and provide extensive documentation for how to integrate with their platform.
personally i would revisit the problem first if my current market really needs a full blown solution or i can get away with simple postgres backend with simple users table and rbac implementation (sometimes it's even just a roles array in server side)
much of it though is addressable once theres a real business need to it, hiring a dev that really knows hows to roll it out is worth the money, or even a consultanf that can guide you through it
I think answering these questions first will help you to find a suitable solution in this space, as each provider has different strengths and weaknesses depending on your use case.