I was wondering if you were intending to share an entire application open source that is also currently running, is it a bad idea to share the auth mechanism. It could show vulnerabilities which is good if people are pointing it out/telling you about it versus exploiting it.
Context is PHP password_compat instead of say "off the shelf" auth with something like Laravel.
