That's a great analogy. My only addition would be the nuance of that data modelling is way more flexible than authentication (and this is said as someone who is continually surprised by the business requirements, standards, and complexities of auth). Data modelling, after all, needs to handle the entirety of reality (at least what can be mapped to a computer). So you're more likely to outgrow it.
I've heard plenty of stories of folks moving from homegrown auth to a off-the-shelf solution, but that's because I'm in the off-the-shelf auth space.
It'd be super interesting to hear stories of folks who went the other way, and outgrew their service provider's auth.
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.
I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.
But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.
You're distracted from your core application by feature requests for your login system.
You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.
PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.
> Camarota does raise a fair point: US-born children of immigrants would not exist in the United States had their parents not immigrated. If the goal is to estimate the total fiscal effects attributable to immigration, then including those children alongside their parents is a reasonable exercise. Of course, that argument also means we should include the grandchildren of immigrants in the analysis because they wouldn’t be here without immigrants either. Great-grandchildren too. On second thought, Camarota doesn’t have such a good argument.
FusionAuth | Principal Software Engineer, Senior Java Engineer - Cloud, Account Executive | Varies between REMOTE (in USA, also in Europe but only for the account exec position) and ONSITE in Denver, CO, USA, details in each job desc | Salary ranges for the Principal Software Engineer it is 225k-270k, but the Euro positions don't have them :(
At FusionAuth, our mission is to make authentication and authorization simple and secure for every developer building web and mobile applications. We want devs to stop worrying about auth and focus on building something awesome.
There are a lot of companies in the auth space, but we feel like we have something special:
* a relatively unique deployment model (self-host on-prem, run in your cloud or let us operate it for you in ours)
* A well designed API first approach; one customer compared our APIs to petrichor
* a mature product (the code base is nine+ years old and we've found and fixed a lot of the sharp edges around core login use cases; but don't worry, there are plenty more features to add)
* a full featured free-as-in-beer version which makes the sales cycle easier; prospects often come in having prototyped an integration
Our core software is commercial. We open source much of our supporting infrastructure. Technologies and standards that you will work with: modern Java, PostgreSQL, Docker, Kubernetes, MySQL, OAuth, SAML, OIDC.
Learn more, including benefits and salaries, and apply here: https://fusionauth.io/careers/ ( Click/tap the 'View open positions' orange button. )
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.
Senior Director, CIAM Strategy & Identity Standards at FusionAuth / https://fusionauth.io/
Personal site: https://www.mooreds.com, [email protected], +1 720 560 8545 (email preferred).
@mooreds on Twitter. https://bsky.app/profile/mooreds.com on Blue Sky.
Editor/writer for https://letterstoanewdeveloper.com/
Writer at https://ciamweekly.substack.com/
LI: https://linkedin.com/in/mooreds
meet.hn/city/us-Boulder