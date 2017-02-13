Hacker News new | comments | show | ask | jobs | submit login
Ask HN: What is best 3rd party authentication for developers
5 points by prats226 on Feb 13, 2017 | hide | past | web | favorite | 10 comments
I need to integrate 3rd party authentication to our API product where developers can sign up. Should I use google or github or own Oauth. Issue with google is developers from china can't sign up. For github, I don't know if I can always get email to reach out to developer later. With our own Oauth, we will need to manage passwords etc. What are your thoughts?



Managing passwords isn't like handling nuclear waste.

I'd suggest that researching best practices and either implementing them or finding a library to do it for you is a worthwhile exercise, which you will be glad of next time <3rd party> is down, changes their services, etc.


I think big 3rd party services like google can be used reliably? Just that in the beginning, adding own authentication with password management, email verification, password reset would be too slow to implement and maybe less secure than 3rd party? And in the moment of crisis like a hack, it does feel like handling nuclear waste!!


Google is the poster boy for "fuck you we don't support this any more"

Also, you're then forcing users to sign up for an account with the provider you choose. Some people choose not to have a Google/etc account.


Doubt it will happen with authenticator since many of their other services would be dependent on it unlike some of the services they have shut down?


Honestly I wouldn't rely on their own internal services using it being a great reason they'll keep it going.

Deviating from Open Standards in favour of their own google-specific services is pretty much step one in their playbook now.


Auth0 seems really nice. Saw their pitch. Haven't had a chance to integrate it in anything yet. Plan to do that soon in an app I will write on my own time.


I tried Auth0 and its really bad. Documentation is very inconsistant and really regret choosing it. Going to use some 3rd party library.


Yeah I am implementing authentication with jwt tokens. Using their open source middleware library in golang


I feel like a salesman because I always am bringing up azure but... You might take a look at the azure active directory b2c service. You can use stand alone azure ad or integrate with other various providers (Google, Facebook,etc). Their posted child is the real Madrid website which uses it.


If you want to avoid handling passwords but still have a traditional login form, you could try a managed directory like Auth0, Stormpath, or Amazon Cognito User Pools




