Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

only in javascript where auth is such a big issue.

in rails you can use the rails 8 auth or a better alternative authentication-zero. before it was devise.

java - spring security, shiro etc. but just complex things.

alternatively - use services like fusionAuth



Part of it is that most of the libraries that came before we’re tightly coupled to a particular framework that itself went out of fashion, like Passport and Express, which is a problem because frameworks themselves have been moving in and out of fashion very rapidly; or are coupled with service offerings from vendors, like Auth0.

Auth.js is actually one of the first attempts that tries to be framework and vendor agnostic while still including a good deal of the batteries you need to make a full authentication system, which they only recently did, as they were originally tied to next JS like every other library in the graveyard of authentication libraries.

If you just want to specifically do an OAuth handshake or salt and hash a password or produce a JWT, those libraries are all rock solid. But a full batteries included framework and vendor agnostic solution hasn’t really existed until recently.


Why is auth "such a big issue" in JS? I've used a number of solutions but haven't had big issues with them.


Same. I've personally never had issues with any auth packages, granted I've never used auth0. Personally, they all seem quite similar, especially in the react world.

Anything that can help me utilize oauth standards is fine to me.


It’s not that auth is unsolved in other languages/frameworks, but it’s often way too complex or configuration-heavy. If adding passkey support to my app is going to take 2 hours, that’s two hours I’m spending away from building my core product. For smaller projects, that’s not time that I could afford.

For example, if I want to add passkeys to my .NET CORE app, this is the guide Microsoft provides:

https://learn.microsoft.com/en-us/aspnet/core/security/authe...

Contrast that to better-auth (which is 7 lines of code total in server changes, and virtually no change to client API usage):

https://www.better-auth.com/docs/plugins/passkey

For some projects, the flexibility of other solutions might be needed. But for ease-of-use and development speed, better-auth has been a clear winner for me.


Excuse me, incoming contrarian! learn.microsoft, is for learning about the concepts as well as the practical applications. Also for user facing security, wouldn't you want all the knowledge available to you? Much easier to find the foot guns in these kinds of situations.


It’s Microsoft. Did you expect less than 30 pages of useless techno-babble?


In case if you don't know, Auth.js is not a frontend-only framework. It uses a backend server to make it secure.

So it basically has no difference from the alternatives you mentioned.


> make it secure

It's convenient, I'll give them that. Secure? https://projectdiscovery.io/blog/nextjs-middleware-authoriza...


Well, that has nothing to do with JS itself though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: