by thephyber 2293 days ago
There is really no reason any developer should try to roll their own auth these days. OWASP has identified and enumerated all of the relevant info. It seems like negligence when a teacher/professor talks about building a web app without referencing the project.
2 comments

When you say "roll their own auth", are you implying "designing from scratch their own method or idea of authentication"?

Or are you implying using existing libraries or services instead of rolling out your own?

But even if you use a third party, tying identity into your application almost always still has to be rolled on your own, right? So no matter how bulletproof the 3rd party solution, it’s likely that a tremendous number of vulnerabilities on an application basis could come from faulty auth integrations as well.