by jhughes2112 2053 days ago
I'm the article author. Don't have all the answers. :-)

The appealing part for me was not reinventing the wheel for each application. Auth is hard to do well. Here's what I do know (to save you a search or two):

- You definitely still want an application-level DB for you to have app-level features like showing friends/leaderboards/forum user names, etc.
- Any decent auth system lets you skin the login forms however you want.

My guess about local dev is you skip the auth entirely and just force-feed the decoded JWT into the application. You can set up OAuth2 using a hosts file to work properly, but it's a lot of work just to get to the decoded JWT to feed your app. YMMV.

Glad you found it interesting!