Ask HN: Should you implement your own authentication system?
How would you proceed to add a login to your website? Setup a database with bcrypted credentials? Use a service / oss? What are common pitfalls? What's your thought on Auth0, Azure AD B2C, Keycloak, ORY (especially Kratos) and others? Would you still recommand using a full-blown solution if there are just basic customer logins required (not even self registration)?
1 comments
Why would you not do it yourself? It's literally webdev 101.
If you offload it to a 3rd party you're giving them access to your entire customer base (regardless of what they say), you're also introducing multiple points of failure and increasing your attack surface.
If you offload it to a 3rd party you're giving them access to your entire customer base (regardless of what they say), you're also introducing multiple points of failure and increasing your attack surface.