

Ask HN: Best way to do user authentication for web application? - thaweatherman

A team of developers and myself are designing a web application and I am in charge of user authentication. I want to provide options such as Facebook Connect and OpenID via Google, Yahoo, etc., but we also need our own authentication method if no one wants to use either of those options. I really really want to avoid password authentication, but if I have to I will do it. Do you think SRP would be a better option, or is there something I am overlooking that would be easier for the user? Thanks
======
ibstudios
Maybe let someone else worry about it?

[http://www.mozilla.org/en-US/persona/](http://www.mozilla.org/en-US/persona/)
[http://janrain.com/](http://janrain.com/)

~~~
thaweatherman
Both of these is just signing in with an account from some different site. We
want to provide that option, but we want our own option as well for users who
don't want to use social media to login

------
gspyrou
Take a look at Windows Azure Mobile Services [http://www.windowsazure.com/en-
us/develop/mobile/tutorials/g...](http://www.windowsazure.com/en-
us/develop/mobile/tutorials/get-started-with-users-html/)

------
bmelton
You didn't mention a platform, but if you're using Python or Django, Python-
Social-Auth[1] is quite good. It supports a bevy of third-party providers
while still allowing for easy local (username/password or email/password)
login types as well.

[1] - [https://github.com/omab/python-social-
auth](https://github.com/omab/python-social-auth)

~~~
thaweatherman
Awesome thanks. I might use that in my own applications in the future, but our
app uses Angular and Node. Unfortunately I couldn't convince the group to use
Django

~~~
bmelton
Then you might also check out passportjs[1]. Thanks to Node, it's not as drop-
in-ready a solution as Python-Social-Auth, but it covers quite a bit, and
third party providers are pretty easy to add.

I had troubles with crypt on an older version of Node, but it's almost
certainly been resolved by now.

[1] - [http://passportjs.org/](http://passportjs.org/)

