Oh really?
I mean I'm almost to relived to hear this because the "never roll your own auth" crowd is honestly deafening.
You ask any question on a lot of sites and communities (twitter, reddit, stack overflow) just about anything to do with auth and you'll get slammed with comments preaching about this.
I think Hacker News is somewhat an outlier in this I will say, as in previous threads this doesn't seem to be anywhere near as common.
They always have the same "you think you know better than the 1000s of auth and security experts working on Auth0 or xyz". Which, no obviously not. But there's clearly defined standards such as bcrypt and how to handle sessions etc; and even the OWASP cheatsheets too.
I feel I could implement an auth service wrong too with calling their API if I really tried.
Keep in mind that this site is filled with snake oil salesmen that will try to push anything to you. (Among many honest commenters, obviously.) I've never used third-party authentication and do not plan to. Web frameworks usually handle most of that stuff anyway.
You ask any question on a lot of sites and communities (twitter, reddit, stack overflow) just about anything to do with auth and you'll get slammed with comments preaching about this.
I think Hacker News is somewhat an outlier in this I will say, as in previous threads this doesn't seem to be anywhere near as common.
They always have the same "you think you know better than the 1000s of auth and security experts working on Auth0 or xyz". Which, no obviously not. But there's clearly defined standards such as bcrypt and how to handle sessions etc; and even the OWASP cheatsheets too.
I feel I could implement an auth service wrong too with calling their API if I really tried.