Ask HN: What are folks using for identity management?

[wrburgess]

As I'm building prototypes or products for clients, I'm constantly concerned that the standard tools I'm using for auth (Devise for Rails, Passport for Node, etc) are just not enough over the long haul to keep user data secure.

Storing user data and handling most of the auth service seems risky as hell to me, but I don't see quite as many strong opinions from the dev crowd about identity management as I do people sniping about where to put spec files in their codebase.

I guess I'm openly curious: Are folks using services like Firebase, Auth0, Okta to manage their user persistence, authentication, and authorization? Or are they just rolling their own or subscribing to open source projects and crossing fingers?

Personally, the Auth0 docs are not hitting the mark regarding the delivery vs complexity. For instance, it's near to impossible for me to quickly get a ReactNative -> Auth0 -> API Server routine going, quickly. Okta seems easier, but I haven't dug in. Firebase seems easiest, but then I don't trust it because of the simplicity.

Fishing for opinions and experience on this subject...

[richchetwynd]

Arguably if you're just building prototypes then integration with a third party provider is going to be overkill. However over the long haul you're right about the benefits of a IAM provider. It's not only about data security but also the expanding feature set that will likely follow. Think roles, entitlements, user policies, MFA, consents and GDPR etc. Not to say you cant build this in but at some point you may consider how much time you're spending developing auth vs core product. I work for OneLogin so often spend time thinking about this and you're right that not enough devs seem to take the time to consider it.