Ask HN: Best way to do user authentication for web application?

[thaweatherman]

A team of developers and myself are designing a web application and I am in charge of user authentication. I want to provide options such as Facebook Connect and OpenID via Google, Yahoo, etc., but we also need our own authentication method if no one wants to use either of those options. I really really want to avoid password authentication, but if I have to I will do it. Do you think SRP would be a better option, or is there something I am overlooking that would be easier for the user? Thanks

[ibstudios]

Maybe let someone else worry about it?

http://www.mozilla.org/en-US/persona/ http://janrain.com/

[thaweatherman]

Both of these is just signing in with an account from some different site. We want to provide that option, but we want our own option as well for users who don't want to use social media to login

[gspyrou]

Take a look at Windows Azure Mobile Services http://www.windowsazure.com/en-us/develop/mobile/tutorials/g...

[bmelton]

You didn't mention a platform, but if you're using Python or Django, Python-Social-Auth[1] is quite good. It supports a bevy of third-party providers while still allowing for easy local (username/password or email/password) login types as well.

[1] - https://github.com/omab/python-social-auth

[thaweatherman]

Awesome thanks. I might use that in my own applications in the future, but our app uses Angular and Node. Unfortunately I couldn't convince the group to use Django

[bmelton]

Then you might also check out passportjs[1]. Thanks to Node, it's not as drop-in-ready a solution as Python-Social-Auth, but it covers quite a bit, and third party providers are pretty easy to add.

I had troubles with crypt on an older version of Node, but it's almost certainly been resolved by now.

[1] - http://passportjs.org/