by mcappleton 3234 days ago
Honestly, I don't think there is a real shortcut for in-depth knowledge of how secure authentication should work. I think if you're going to be writing a program with authentication, you need to know what is going on, what the framework is doing under the hood. If you don't, you are likely to misconfigure it or trust it to do something it doesn't do.

Writing a secure auth isn't exactly hard, and there is good info on the web about it. It just requires time to implement and not taking shortcuts to do it right.

In Node there are not really official solutions - it's just packages. PHP has a nice password_hash function which hashes and salts your password for you securely.

1 comments

I disagree. Do you believe that web application developers should be able to write an efficient JavaScript interpreter, or build a working CPU in Verilog? As technology increases in complexity, roles specialize. Skillsets diverge and junior developers should have frameworks accessible to them they can rely on.

Most of us have made our careers standing upon the shoulders of relative giants until we have grown enough to become taller ourselves. I don't believe that you should have to be able to build a reliable authentication framework to be able to write a decently secure web application.

If you don't understand CPU cycles, your application might get a teeny bit slower. If you don't understand security, your application could get hacked! It's definitely nice to have a good auth framework, but I think security is important enough that it's worth taking 1 hour to learn how to do it right.