|
|
|
|
|
|
by joshgermon
1092 days ago
|
|
|
Oh really?
I mean I'm almost to relived to hear this because the "never roll your own auth" crowd is honestly deafening. You ask any question on a lot of sites and communities (twitter, reddit, stack overflow) just about anything to do with auth and you'll get slammed with comments preaching about this. I think Hacker News is somewhat an outlier in this I will say, as in previous threads this doesn't seem to be anywhere near as common. They always have the same "you think you know better than the 1000s of auth and security experts working on Auth0 or xyz". Which, no obviously not. But there's clearly defined standards such as bcrypt and how to handle sessions etc; and even the OWASP cheatsheets too. I feel I could implement an auth service wrong too with calling their API if I really tried. |
|
|