christopher
@christopher
Going from miniapp to full app is an eye-watering amount of work to undertake. Most builders will “skip” authentication by putting themselves in debt with a centralized product. If you fumble this or can’t manage that vendor, you’re not going to make it far in building other pieces.
3 replies
9 recasts
93 reactions

Kasra Rahjerdi
@jc4p
at some point “don’t roll your own crypto” got morphed alongside “don’t roll your own auth”, which sucks because one is really good and necessary, until you need to implement SSO, then it’s hell
1 reply
0 recast
9 reactions

christopher
@christopher
OAuth 2.0 was a huge mistake and has set us back decades in internet and online economic freedom.
1 reply
0 recast
5 reactions

Garrett
@garrett
What would be the ideal alternative? What’s the best open source auth solution if building your own auth?
2 replies
0 recast
5 reactions

Kasra Rahjerdi
@jc4p
u make a users table, u have a hashed_password column in the table, u bcrypt or crypto module to encode their password alongside a salt, u check the hash if it matches, u generate a JWT with their user id
4 replies
1 recast
5 reactions

christopher
@christopher
People forget passwords :/
1 reply
0 recast
3 reactions

Kasra Rahjerdi
@jc4p
if someone's not using a password manager in 2025, that's on them; they don't deserve my site
2 replies
0 recast
2 reactions

Garrett
@garrett
So there’s no recourse if you forget?
1 reply
0 recast
2 reactions

Kasra Rahjerdi
@jc4p
you verify their email (or whatever second method you have) by sending it a unique url with a hash you have temp stored saying "this belongs to user ___", and if they click that url you allow them to set a new password
0 reply
0 recast
1 reaction
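The flow sketched in the two replies above (a users table with a salted password hash, a JWT issued on login, and a password reset driven by an emailed one-time link whose hash is stored server-side) as one added example; this is not code from the thread or from either poster. It uses `hashlib.scrypt` from the Python standard library in place of bcrypt, hand-builds an HS256 JWT so nothing outside the stdlib is needed, and assumes an in-memory SQLite database, a per-process demo secret, and a 15-minute reset window; every name in it is mine.

```python
# Added example (not from the thread): salted password hashing, HS256 JWT login,
# and single-use emailed reset tokens, stdlib only.
import base64, hashlib, hmac, json, os, secrets, sqlite3, time

SECRET = os.urandom(32)   # assumption: per-process demo key; production uses a managed secret
RESET_TTL = 15 * 60       # assumption: reset links expire after 15 minutes

db = sqlite3.connect(":memory:")   # assumption: in-memory SQLite stands in for the real DB
db.executescript("""
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
                    salt BLOB NOT NULL, hashed_password BLOB NOT NULL);
CREATE TABLE password_resets (token_hash BLOB PRIMARY KEY, user_id INTEGER NOT NULL,
                    expires_at INTEGER NOT NULL);
""")

def _hash_password(password: str, salt: bytes) -> bytes:
    # scrypt stands in for bcrypt: salted, memory-hard, deliberately slow.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def register(email: str, password: str) -> int:
    salt = os.urandom(16)   # fresh per-user salt; stored next to the hash, never secret
    cur = db.execute("INSERT INTO users (email, salt, hashed_password) VALUES (?, ?, ?)",
                     (email, salt, _hash_password(password, salt)))
    return cur.lastrowid

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(user_id: int, ttl: int = 3600) -> str:
    # Minimal HS256 JWT: header.payload.signature, all base64url, no library.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": str(user_id), "exp": int(time.time()) + ttl},
                                 separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token: str):
    """Return the user id if alg, signature and expiry all check out, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None   # never let the token pick the algorithm (alg=none, HS/RS confusion)
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
        if claims.get("exp", 0) < time.time():
            return None
        return int(claims["sub"])
    except (ValueError, KeyError, TypeError):
        return None

def login(email: str, password: str):
    row = db.execute("SELECT id, salt, hashed_password FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        _hash_password(password, b"\x00" * 16)   # same cost as a real check: no timing oracle on email
        return None
    user_id, salt, stored = row
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    return issue_jwt(user_id)

def request_reset(email: str):
    """Return the secret the emailed link would carry, or None. Only its hash is stored."""
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None   # the HTTP layer still answers with the same generic message either way
    token = secrets.token_urlsafe(32)   # 256 bits of entropy, so a DB-side hash compare is fine
    db.execute("INSERT INTO password_resets VALUES (?, ?, ?)",
               (hashlib.sha256(token.encode()).digest(), row[0], int(time.time()) + RESET_TTL))
    return token

def complete_reset(token: str, new_password: str) -> bool:
    """Consume the token from the clicked link; on success the user gets the new password."""
    token_hash = hashlib.sha256(token.encode()).digest()
    row = db.execute("SELECT user_id, expires_at FROM password_resets WHERE token_hash = ?",
                     (token_hash,)).fetchone()
    db.execute("DELETE FROM password_resets WHERE token_hash = ?", (token_hash,))   # single use
    if row is None or row[1] < time.time():
        return False
    salt = os.urandom(16)   # re-salt on password change
    db.execute("UPDATE users SET salt = ?, hashed_password = ? WHERE id = ?",
               (salt, _hash_password(new_password, salt), row[0]))
    return True
```

Storing only the SHA-256 of the reset token means a leaked `password_resets` table cannot be turned into working links, and deleting the row before checking expiry makes every link single-use whether or not it was valid.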