by blhack 2737 days ago
Roll my own. Passwords are stored as bcrypt hashes. Just use plain old cookies to store session IDs.
3 comments

What about localStorage for storing a token instead of a cookie?
What about caring about things that matter?
What benefit would that have over a cookie? (Honest question)
Exactly! +1

Simplicity is also Security

No, everyone should use auth0, okta, cognito
Auth isn't rocket science - I'd encourage people to recommend well-guided DIY here for newer developers in a lot of cases, because foundational tech learning experiences are critical to growing as a developer.

There's value to many in SaaS offerings, but any decently-sized programming ecosystem has a crap ton of auth offerings. e.g. Devise [0], Dotnet Identity [1], Django Auth [2]. Authorization is the fiddly/annoying part. For authentication, a reasonably motivated developer can expect to have workable, secure password authentication going in a couple hours, as long as they don't try to invent their own encryption scheme.

[0]: https://github.com/plataformatec/devise
[1]: https://docs.microsoft.com/en-us/aspnet/core/security/authen...
[2]: https://docs.djangoproject.com/en/2.1/topics/auth/
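A sketch of the setup discussed in this thread (salted password hashes plus a random session ID in a cookie), added here as an example and not code posted by any commenter. It uses scrypt from Python's standard library in place of the bcrypt mentioned above; the function names, the `sid` cookie name and the in-memory `SESSIONS` store are assumptions. The cookie is marked `HttpOnly`, which keeps it out of reach of page JavaScript, unlike a token kept in localStorage.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session ID -> username (in-memory store, assumed for the demo)

def hash_password(password, salt=None):
    """Return 'salt_hex$key_hex'. scrypt stands in for bcrypt here."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 1024 * 1024, dklen=32)
    return f"{salt.hex()}${key.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        salt = bytes.fromhex(stored.split("$")[0])
    except ValueError:
        return False
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())

# Verified against when the user does not exist, so both paths cost one hash.
DUMMY_HASH = hash_password(secrets.token_hex(16))

def login(users, username, password):
    """Return a Set-Cookie header value on success, None on failure."""
    ok = verify_password(password, users.get(username, DUMMY_HASH))
    if not ok or username not in users:
        return None
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[sid] = username
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"].update({"httponly": True, "secure": True,
                          "samesite": "Lax", "path": "/"})
    return cookie["sid"].OutputString()

def current_user(cookie_header):
    """Map the Cookie request header back to a username, or None."""
    morsel = SimpleCookie(cookie_header).get("sid")
    return SESSIONS.get(morsel.value) if morsel else None
```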