Should you Implement Authentication Yourself?

Oh, that's me. All right, so I've been thinking about, no, I hadn't been thinking about. So there's these new services that are starting to get popular that replace you having to do authentication. They kind of store your users and handle logging them in, signing them up, and forgetting their password, all the, like, annoying auth stuff that you have to do. They just handle it for you. And companies that come to mind that do that are Auth0, which, I really hate that name of that company. I always think of OAuth, which is an authentication method, and then I always get confused. And then the other one is Amazon Cognito, is what it's called.

So most of the time I don't use services like that. They've just started to get more popular recently, and a lot of times I just end up writing my own authentication. And by that I mean I don't literally write everything from scratch. I might use some libraries to help me out, but in general I'm storing my own users and handling the functions myself on my own server. But I have started to think about whether I should start using some of those services and integrating them into my projects, and what some of the pros and cons of that would be.

Now, the context of this video is for projects that are not enterprise, because enterprise is just a whole different beast. I'm talking like a small-scale startup project that has minimum authentication requirements, or at least regular ones. Basically you just need to be able to log in the user, register a user, and have them be able to forget their password, and fetch credentials for the user and know who's logged in, that sort of stuff.

And so I was thinking about what things I liked about switching over to something like Auth0, and the first thing that came to mind was, you know, it'd probably be a lot faster when setting up authentication. Like, they already have it all set up. I'm just basically implementing the front end, what it would look like, and then I just call their API for different things. And so that has some merit to it, that has some, like, yeah, I don't spend as much time coding it. But in general, to me that is less of an incentive, because in general I'm at a point now where I can set up authentication pretty quickly, and so I feel like the added speed of Auth0 or something similar is not worth it.

But I think it makes a lot of sense for front-end developers. Like, if I was a front-end developer and I had no interest whatsoever in learning back-end technologies, or I just wanted to set up a project, I think it makes a lot of sense to just use something like that, and it handles all your auth needs for you. On the other hand, if you're a back-end developer, or you want to become a back-end developer and that is, like, your career, I think it's definitely worthwhile to actually learn how to set up your own authentication system, because no matter what you're working on in the future, that application is going to have some kind of authentication. And so knowing how that system works is gonna be super useful for future jobs and future projects that you work on.

The other thing to consider is the security of using a managed service versus implementing it yourself. So I think it's pretty common to hear people say that it's more secure to use something like Auth0 or Amazon Cognito, because they have a whole team working on it and there's security experts, whereas you're just a regular web developer or back-end developer, what do you know about security? And I agree with that to some extent, but also I'm a little skeptical that it is just strictly more secure than using, like, a trusted or battle-tested open-source project or library. For example, a very popular Node.js one is Passport.js. And I'm not convinced that it's way more secure to use one of these managed systems.

I feel like it's in the company's best interest, it's for Amazon Cognito and Auth0 and companies like that, it's in their best interest to write articles about how hard authentication is, and how you have to worry about all these little details, and how your system is probably insecure right now, because it drives traffic and drives you to sign up for their services. So I'm a little cynical in that, and I think it's also in their best interest to make authentication feel super complex and that you can't do it on your own, that way you sign up for their service. I feel like you can kind of just set it up with an open-source project or library and you're good to go.

The other thing to consider too is there's open source versions of this. One that people have been recommending to me that I should try, it's called octa, which I probably will try at some point. One of the things that I like about it is I can just run it myself and I can store the data myself.

So the other thing that I'm a little and about is I don't know if I want to give Amazon and Auth0 all my user data. I think this is another one where there's two sides to it. User data is, like, super precious, and so I don't want them to be in control of it. But at the same time, if they're controlling it, they may do a better job than I would of securing it, and so they're less likely to get hacked, and I think that is the thinking behind using something like that. I have mixed feelings about having all the user data stored on someone else's server. In general it's not really a turning point to me, or like a killing factor. It's not like, oh, I can't store my own user data, I'm not gonna use them. But also I would rather be controlling that.

I think another thing that is just a non-factor to me, though, is price. I don't think it's something I would even consider thinking about with using one of them. What I mean by that: I don't think the price really matters. If you value your time as a developer at all, then the time it saves you from setting it up and dealing with that is well under what it would cost you to handle it yourself. And so if you're a small team, I think it also makes a lot of sense to outsource that sort of thing. I'm all for outsourcing things. I love outsourcing, so that's really appealing to me, not to even have to think about it, and, like, shift the blame and shift all of the responsibility off to someone else is a really enticing factor for me.

So, quick interjection: I didn't realize how expensive the Auth0 pricing was, so in retrospect I do think pricing has a little bit of a factor. I think I was too strong in saying that it was a straight non-factor. For fifty thousand users with Auth0, pretty much as you scale the price can get pretty pricey, so it costs 1,100 for that. Though if you put this into terms, with 50,000 users you should probably be having some sort of revenue, and I imagine your revenue is way higher than that, and the cost of getting a developer is way less, or sorry, a developer would cost way more a month than this to actually have someone dedicated to authentication. So I do think this is less than hiring a developer, but it's definitely still a factor, because this is definitely real money you're spending on authentication.

Surprisingly, AWS Cognito, I just wanted to see how much they cost, and it's a lot less. They may have some hidden fees I wasn't able to find, but I went to their pricing section, and if you compare how much for monthly active users, it's a lot less. Your first 50k is totally free, and then after that it's the cents per monthly active user, and if we just multiply that out, all right, times 50,000, that's 275 compared to 1,100, so it's almost a fourth the cost, if not less. So surprisingly Amazon is a lot cheaper there. But yeah, so definitely there's some consideration to take when looking at choosing these.

So I think the main thing that's holding me back is the lack of flexibility. When I sign up for a service like that, I've now lost a lot of decisions that they've made for me, and I don't like that. I like having the ability to be able to switch things up and have it work exactly how I want for a specific project, because each project has different needs, and being able to customize it is pretty crucial. But with that said, I'm coming from the background of, I know how to set up authentication and I understand the whole process, and so I really like having the control of the whole process and being able to tweak it where I can. But if I run into something where I have a more complex auth flow, then I'm definitely going to be considering using one of these services and giving them a try.

Fun fact: I recorded this entire video while being eaten by mosquitoes. I tried doing mosquito repellent, but it kinda didn't work too well, and I was like, let's just record the video, it's worth, let's get down with it, and hopefully I don't regret this.
Info
Channel: Ben Awad
Views: 96,408
Keywords: authentication, Auth0, Amazon Cognito, Implement Authentication Yourself
Id: Hh_kiZTTBr0
Length: 10min 38sec (638 seconds)
Published: Mon Oct 07 2019