
Ask HN: What are folks using for identity management? - wrburgess
As I&#x27;m building prototypes or products for clients, I&#x27;m constantly concerned that the standard tools I&#x27;m using for auth (Devise for Rails, Passport for Node, etc) are just not enough over the long haul to keep user data secure.<p>Storing user data and handling most of the auth service seems risky as hell to me, but I don&#x27;t see quite as many strong opinions from the dev crowd about identity management as I do people sniping about where to put spec files in their codebase.<p>I guess I&#x27;m openly curious: Are folks using services like Firebase, Auth0, Okta to manage their user persistence, authentication, and authorization? Or are they just rolling their own or subscribing to open source projects and crossing fingers?<p>Personally, the Auth0 docs are not hitting the mark regarding the delivery vs complexity. For instance, it&#x27;s near to impossible for me to quickly get a ReactNative -&gt; Auth0 -&gt; API Server routine going, quickly. Okta seems easier, but I haven&#x27;t dug in. Firebase seems easiest, but then I don&#x27;t trust it because of the simplicity.<p>Fishing for opinions and experience on this subject...
======
richchetwynd
Arguably if you're just building prototypes then integration with a third
party provider is going to be overkill. However over the long haul you're
right about the benefits of a IAM provider. It's not only about data security
but also the expanding feature set that will likely follow. Think roles,
entitlements, user policies, MFA, consents and GDPR etc. Not to say you cant
build this in but at some point you may consider how much time you're spending
developing auth vs core product. I work for OneLogin so often spend time
thinking about this and you're right that not enough devs seem to take the
time to consider it.

