alt Hacker News> Yeah and it was terrible. Your password would be stored as an unsalted MD5 hash if you were lucky.
That's so 2001.
Bcrypt was in the default PHP libraries in 2013. It's been available in Python even longer.
This pattern of outsourcing the most basic of application responsibilities is lazy and exposes you to needless fragility and cost burdens.
There are a million and one libraries and frameworks that will handle all of this for you, meeting industry standards, without having to pay to be coupled at the hip to some SaaS vendor that will undoubtedly raise prices on you when they hit growth pains.
You're being rented a partial solution to something that has long been solved. And this - your customer relationship - is such a core function to your business that you shouldn't outsource it.
Replies
Thanks, I agree.
Yeah. Same thing with AI.
That is a super refreshing take. When I started needing to add auth to apps (~5 years ago) the only advice I could find on auth was essentially “you are an idiot if you don’t use an auth provider”. Back then I was probably only reading r/webdev or something.