Ask HN: How would you implement auth for a self hosted product?
5 points by nopipeline 5 months ago | 10 comments



Try to implement as little of it as possible in the application and offload the rest to Keycloak.


How do you deploy Keycloak? Does Keycloak's load scale linearly with application usage?


The current Keycloak is designed to run in containers. You take the image from Red Hat and provision what you need, and then you have an image that can easily be used in multiple instances.


I'd make it a pluggable middleware with a document on how to implement your own, and provide a reference configuration that uses something like Vouch [0], which will redirect the user to another identity provider.

You could also provide another implementation that implements Cloudflare's zero trust authentication [1].

[0] https://github.com/vouch/vouch-proxy

[1] https://developers.cloudflare.com/cloudflare-one/identity/au...

In other words, I don't think I'd want to actually take responsibility for authentication these days and use an authenticating proxy. The less security infrastructure you have, the less there is to go out of date.

You can always start with this approach and then implement your own built-in user directory later.
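The "pluggable middleware" idea above, as an added example that is not code from the commenter, Vouch or Cloudflare: a small backend interface plus one backend that accepts the identity an authenticating proxy forwards in a header. The header names, the proxy network and the shared secret are constructed placeholders, and the request object is a stand-in for whatever the framework provides.

```python
"""Pluggable authentication middleware with a trusted-proxy backend.

Added example, not code from the commenter, Vouch or Cloudflare.  The header
names, the proxy network and the shared secret are constructed placeholders.
"""
import hmac
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional, Protocol


@dataclass
class Request:
    """Minimal stand-in for a web framework's request object."""
    remote_addr: str
    headers: dict = field(default_factory=dict)  # keys are lower-cased

    def header(self, name: str) -> Optional[str]:
        return self.headers.get(name.lower())


class AuthBackend(Protocol):
    """The pluggable interface: return a user id, or None if unauthenticated."""
    def authenticate(self, request: Request) -> Optional[str]: ...


class TrustedProxyHeaderAuth:
    """Accept the identity an authenticating proxy puts in a request header.

    The header is trusted only if (a) the TCP peer is inside the proxy's
    network and (b) a shared-secret header set by the proxy matches.  Without
    both checks, a client that can reach the app directly could forge it.
    """

    def __init__(self, user_header: str, proxy_cidrs, secret_header: str, secret: str):
        self.user_header = user_header
        self.proxy_nets = [ipaddress.ip_network(c) for c in proxy_cidrs]
        self.secret_header = secret_header
        self.secret = secret

    def authenticate(self, request: Request) -> Optional[str]:
        try:
            peer = ipaddress.ip_address(request.remote_addr)
        except ValueError:
            return None
        if not any(peer in net for net in self.proxy_nets):
            return None  # request did not come through the proxy
        presented = request.header(self.secret_header) or ""
        if not hmac.compare_digest(presented.encode(), self.secret.encode()):
            return None  # wrong or missing proxy secret
        user = request.header(self.user_header)
        return user if user else None


def require_auth(backend: AuthBackend, handler: Callable[[Request, str], tuple]):
    """Wrap a handler so it only runs for authenticated requests."""
    def wrapped(request: Request) -> tuple:
        user = backend.authenticate(request)
        if user is None:
            return (401, "unauthorized")
        return handler(request, user)
    return wrapped


# Constructed configuration: the proxy lives in 10.0.0.0/24 and shares a secret.
PROXY_AUTH = TrustedProxyHeaderAuth(
    user_header="X-Forwarded-User",
    proxy_cidrs=["10.0.0.0/24"],
    secret_header="X-Proxy-Secret",
    secret="constructed-shared-secret",
)

whoami = require_auth(PROXY_AUTH, lambda req, user: (200, f"hello {user}"))


def demo() -> list:
    """Three constructed requests: via the proxy, a direct spoof, wrong secret."""
    via_proxy = Request("10.0.0.5", {"x-forwarded-user": "alice",
                                     "x-proxy-secret": "constructed-shared-secret"})
    spoofed = Request("203.0.113.9", {"x-forwarded-user": "admin",
                                      "x-proxy-secret": "constructed-shared-secret"})
    bad_secret = Request("10.0.0.5", {"x-forwarded-user": "alice",
                                      "x-proxy-secret": "guess"})
    return [whoami(r) for r in (via_proxy, spoofed, bad_secret)]


if __name__ == "__main__":
    print(demo())
```

Swapping in a built-in user directory later means writing another class with the same `authenticate` method and passing it to `require_auth`; the handlers do not change. In a real deployment the app should additionally be unreachable except through the proxy (network policy or bind address), so the header check is a second layer rather than the only one.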


If I wasn't using a framework that shipped with it already (like Django), I would pick an authentication method that worked for what I am making. I would look for a well-reviewed library in the language I am writing in, for both client and server.


You should consider HTTP Basic Auth. It’s a quick path to “good enough” and you can iterate to something better later. You can read more about why I started using it for my side projects on my blog post below.

https://joeldare.com/why-im-using-http-basic-auth-in-2022.ht...
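How a server can verify HTTP Basic Auth without storing plaintext passwords, as an added example that is not the commenter's code: the credential table, the user names and the passwords below are constructed, and the iteration count is an assumption to tune per deployment.

```python
"""HTTP Basic Auth verification with salted, hashed credentials.

Added example, not the commenter's code.  The user table and passwords
below are constructed; PBKDF2_ITERATIONS is an assumption.
"""
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000  # assumption: raise as hardware allows


def make_credential(password: str) -> tuple:
    """Store a per-user salt and a PBKDF2 hash rather than the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_password(password: str, credential: tuple) -> bool:
    salt, expected = credential
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def parse_basic_header(value: Optional[str]) -> Optional[tuple]:
    """Return (username, password) from 'Basic <base64>', or None if malformed."""
    if not value:
        return None
    scheme, _, payload = value.partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    username, _, password = decoded.partition(":")  # password may itself contain ':'
    return username, password


def authenticate_basic(header_value: Optional[str], users: dict) -> Optional[str]:
    """Return the username on success, None otherwise.

    Unknown users are checked against a dummy credential so that response
    time does not reveal which user names exist.
    """
    parsed = parse_basic_header(header_value)
    if parsed is None:
        return None
    username, password = parsed
    credential = users.get(username, DUMMY_CREDENTIAL)
    ok = check_password(password, credential)
    return username if ok and username in users else None


DUMMY_CREDENTIAL = make_credential("not-a-real-password")

# Constructed user table; a real deployment loads this from config or a DB.
USERS = {"alice": make_credential("correct horse battery staple")}


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header value a client would send (for the demo)."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


if __name__ == "__main__":
    print(authenticate_basic(basic_header("alice", "correct horse battery staple"), USERS))
    print(authenticate_basic(basic_header("alice", "wrong"), USERS))
```

Basic Auth sends the credential on every request, so it is only acceptable behind TLS; the server-side hashing above limits the damage if the credential store leaks, and the constant-time compare plus dummy check keep timing from leaking which half of the check failed.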


I did it in the most basic way, I just store a cookie in PHP. I want to improve it a bit, by using session tokens (so you can get a unique token per device, and can revoke access if needed).
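The per-device session tokens with revocation described above, as an added example that is not the commenter's PHP code: a server-side session store that issues one random token per login, keeps only a hash of it, and can revoke a single device or every session of a user. The in-memory store, the lifetime and the device labels are constructed assumptions.

```python
"""Per-device session tokens with revocation, kept server-side.

Added example, not the commenter's PHP code.  The in-memory store, the
session lifetime and the device labels are constructed assumptions.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

SESSION_TTL_SECONDS = 7 * 24 * 3600  # assumption: one-week sessions


@dataclass
class Session:
    user: str
    device: str
    created: float
    expires: float


class SessionStore:
    """Issues one random token per login (device) and stores only its hash.

    Storing the SHA-256 of the token means a leaked store does not hand out
    usable cookies; the client holds the only copy of the raw token.
    """

    def __init__(self):
        self._by_hash: Dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user: str, device: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_hash[self._key(token)] = Session(user, device, now, now + SESSION_TTL_SECONDS)
        return token  # goes into the cookie; never stored in the clear

    def validate(self, token: str, now: Optional[float] = None) -> Optional[Session]:
        now = time.time() if now is None else now
        session = self._by_hash.get(self._key(token))
        if session is None:
            return None
        if now >= session.expires:
            self.revoke(token)  # lazy cleanup of expired sessions
            return None
        return session

    def revoke(self, token: str) -> None:
        """Log out a single device."""
        self._by_hash.pop(self._key(token), None)

    def revoke_user(self, user: str, except_token: Optional[str] = None) -> int:
        """Log a user out everywhere (e.g. after a password change); returns count."""
        keep = self._key(except_token) if except_token else None
        victims = [k for k, s in self._by_hash.items() if s.user == user and k != keep]
        for k in victims:
            del self._by_hash[k]
        return len(victims)

    def list_devices(self, user: str) -> list:
        """What a 'manage my sessions' page would show."""
        return sorted(s.device for s in self._by_hash.values() if s.user == user)


if __name__ == "__main__":
    store = SessionStore()
    phone = store.create("alice", "phone")
    laptop = store.create("alice", "laptop")
    print(store.list_devices("alice"))
    store.revoke(phone)
    print(store.validate(phone), store.validate(laptop).device)
```

The cookie should carry only the raw token with `HttpOnly`, `Secure` and `SameSite` set; everything that matters about the session lives in the store, which is what makes revocation immediate.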


Depends on what you need. If you are looking for SSO or a turnkey solution for auth, then maybe have a look at https://github.com/zitadel/zitadel

Check out the community chat; there are many people there who have implemented auth for self-hosted setups and can share some insights.


I’ve already done it in Node.js and a few lower-level libs (cookies, encryption, OAuth related).

Because nothing fit my needs, and because of my internal perfectionist.

Not a big deal if your requirements are narrow.

It’s free, it fits your needs perfectly, and it doesn’t waste your time on deployment or on figuring out wtf is going on behind the scenes.


Have you seen open source authentication products like SuperTokens or Keycloak?

Alternatively, you could use framework-specific authentication libraries like those for Next.js or Devise (Ruby).



