I usually leave the authentication to the end, just before first deployment. it's a bit of a distraction.