There are tons of open source projects to complete the self-service experience, from sign-up systems to self-service password resets.
[0] https://github.com/ferg1e/comment-castles
[1] https://www.commentcastles.org/api#api-user-authentication
- Be able to store two types of tokens, one that is temporary, and one that is "permanent"
- Users can use their email address to get sent a temporary token (which expires if unused after X minutes)
- Users can click that link to change the temporary token for a "permanent" token they (the frontend) can use for authentication
- Clicking "Logout" invalidates the currently used "permanent" token
Biggest issue is making sure that whatever email provider you use for the "Login Emails" consistently sends emails quickly, as there is nothing worse than sitting for 2-3 minutes waiting for a login email because the provider batches sends or something.
This would specifically be for side projects. If it grows beyond that, you really should implement something with proper rotation and more, but there are tons of resources about that out there.
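The two-token magic-link flow sketched in the bullets above, as an added example that is not code from the commenter or from comment-castles: a temporary token is minted and "emailed" as a link, it expires after a configurable number of minutes, it can be exchanged exactly once for a "permanent" session token, and logout invalidates only the session token presented. Tokens are stored as SHA-256 digests so a leaked store yields nothing usable. The in-memory dicts, the `outbox` list standing in for the email provider, the `FakeClock`, and the `example.invalid` link are all constructed for the example.

```python
"""Magic-link login: temporary emailed token -> one-time exchange -> session token.

Added example modelling the design described in the comment; the store, the
outbox and the clock are stand-ins so it runs offline and deterministically.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlparse


def _digest(token: str) -> str:
    # Only digests are stored; the raw token exists in the email link and the
    # user's client, never at rest on the server.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class MagicLinkAuth:
    temp_ttl_seconds: int = 15 * 60            # the "X minutes" from the comment
    clock: Callable[[], float] = time.time     # injectable for testing
    # digest -> (email, expires_at): temporary, single-use tokens
    _pending: Dict[str, Tuple[str, float]] = field(default_factory=dict)
    # digest -> email: "permanent" session tokens, valid until logout
    _sessions: Dict[str, str] = field(default_factory=dict)
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # fake email provider

    def request_login(self, email: str) -> None:
        """Mint a temporary token and 'send' a login link carrying it."""
        token = secrets.token_urlsafe(32)
        self._pending[_digest(token)] = (email, self.clock() + self.temp_ttl_seconds)
        self.outbox.append((email, f"https://example.invalid/login?t={token}"))

    def exchange(self, temp_token: str) -> Optional[str]:
        """Swap an unexpired, unused temporary token for a session token."""
        entry = self._pending.pop(_digest(temp_token), None)  # pop => single use
        if entry is None:
            return None
        email, expires_at = entry
        if self.clock() > expires_at:
            return None                      # expired: already removed, so no retry
        session = secrets.token_urlsafe(32)
        self._sessions[_digest(session)] = email
        return session

    def whoami(self, session_token: str) -> Optional[str]:
        return self._sessions.get(_digest(session_token))

    def logout(self, session_token: str) -> bool:
        """Invalidate exactly the session token that was presented."""
        return self._sessions.pop(_digest(session_token), None) is not None


class FakeClock:
    """Deterministic stand-in for time.time() so expiry can be exercised."""
    def __init__(self, start: float = 1_700_000_000.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def _token_from_link(link: str) -> str:
    return parse_qs(urlparse(link).query)["t"][0]


def run_scenario() -> dict:
    """Walk the flow end to end and report each security property as a bool."""
    clock = FakeClock()
    auth = MagicLinkAuth(temp_ttl_seconds=600, clock=clock)
    results = {}

    auth.request_login("alice@example.invalid")
    temp = _token_from_link(auth.outbox[-1][1])
    session = auth.exchange(temp)
    results["first_exchange_ok"] = session is not None
    results["reuse_rejected"] = auth.exchange(temp) is None   # link is single-use
    results["user"] = auth.whoami(session)

    auth.request_login("alice@example.invalid")
    stale = _token_from_link(auth.outbox[-1][1])
    clock.advance(601)                                         # past the 10-minute TTL
    results["expired_rejected"] = auth.exchange(stale) is None
    results["session_survives_time"] = auth.whoami(session) == "alice@example.invalid"

    results["logout_invalidated"] = auth.logout(session) and auth.whoami(session) is None
    results["double_logout_noop"] = auth.logout(session) is False
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The two dicts would be database tables in practice, and the temporary-token table needs a periodic sweep (or a TTL index) because expired entries are only removed when someone tries to use them. Popping the pending entry before checking expiry is deliberate: an expired link is consumed either way, so it cannot be retried later.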
My main concern is that I don't want to weld too much of my design to any one service provider, so I've got to be careful about taking too much advantage of their feature set and API so that it won't be a pain if they go away or it becomes necessary to migrate to something else.
I am using Django’s user system. When a user comes and wants to use the app, I create a Django user and mark it as auto-created. Later, when they decide to sign up, I fill the details and I mark it as auto-created.
Using password auth for now. Will migrate to auth0 if enterprise customers knock on the door and want SAML.
Supported providers: https://authjs.dev/getting-started/providers/github
It's been really great so far and I can recommend it if you have a JS/TS codebase.
----------------------------
You can test Auth.js (v5 beta.22) in my Next.js 15 boilerplate:
• Credentials auth
• Google and Microsoft login
• Connected accounts
• Multi-factor authentication (via authenticator app)
• Session management
[1]: https://kanidm.com/
[2]: https://authzed.com/docs/spicedb/getting-started/discovering...
This is live at https://screenrun.app/
However, for my smaller personal side projects I rely on a simple JWT auth based on JWT, QR codes and https-only, as-secure-as-possible cookies.
I plan to try OpenID but I did not have the time yet.
If you have a userbase, a local username/password login should be at least an option...
For self-hosting, Authentik + Traefik forward auth is an unbeatable combo.
Cheap/ free to self host. I have tried a bunch of the other ones and they all had things I liked but Appwrite gave me nothing to complain about other than getting on with building :)
For admin, I use HTTP basic auth like the boomer I strive to be.