How would you implement auth for a self hosted product?

Question

stop50 · Accepted Answer

Try to implement as few of it in the application and offload the rest to keycloak

gtsteve · Answer

I'd make it a pluggable middleware with a document on how to implement your own and provide a reference configuration that uses something like Vouch [0] which will redirect the user to another identity provider.
You could also provide another implementation that implements Cloudflare's zero trust authentication [1].
[0] https://github.com/vouch/vouch-proxy
[1] https://developers.cloudflare.com/cloudflare-one/identity/au...
In other words, I don't think I'd want to actually take responsibility for authentication these days and use an authenticating proxy. The less security infrastructure you have, the less there is to go out of date.
You can always start with this approach and then implement your own built-in user directory later.

lbhdc · Answer

If I wasn't using a framework that shipped with it already (like django), I would pick an authentication method that worked for what I am making. I would look for a well reviewed library in the language I am writing for both client and server.

codazoda · Answer

You should consider HTTP Basic Auth. It&rsquo;s a quick path to &ldquo;good enough&rdquo; and you can iterate to something better later. You can read more about why I started using it for my side projects on my blog post below.https://joeldare.com/why-im-using-http-basic-auth-in-2022.ht...

XCSme · Answer

I did it in the most basic way, I just store a cookie in PHP. I want to improve it a bit, by using session tokens (so you can get a unique token per device, and can revoke access if needed).

mffap · Answer

Depends on what you need. If you look for SSO or a turnkey solution for auth, then maybe have a look at https://github.com/zitadel/zitadelCheck out the community chat, there are many people having implemented auth for self hosted setups that can share some insights.

aristofun · Answer

I&rsquo;ve already done it in nodejs and few lower level libs (cookies, encryption, oauth related).Because nothing fit my needs and internal perfectionist.Not a big deal if your requirements are narrow.Its free, it fit your needs perfectly, it doesn&rsquo;t waste your time on deployment and figuring out wtf is going on behind the scenes.

advaitruia · Answer

Have you seen open source authentication products like SuperTokens or Keycloak?Alternatively, you could use framework specific authentication libraries like nextjs or Devise (Ruby)

How would you implement auth for a self hosted product?

How would you implement auth for a self hosted product?

Try to implement as few of it in the application and offload the rest to keycloak

If I wasn't using a framework that shipped with it already (like django), I would pick an authentication method that worked for what I am making. I would look for a well reviewed library in the language I am writing for both client and server.

You should consider HTTP Basic Auth. It’s a quick path to “good enough” and you can iterate to something better later. You can read more about why I started using it for my side projects on my blog post below.
https://joeldare.com/why-im-using-http-basic-auth-in-2022.ht...

I did it in the most basic way, I just store a cookie in PHP. I want to improve it a bit, by using session tokens (so you can get a unique token per device, and can revoke access if needed).

Depends on what you need. If you look for SSO or a turnkey solution for auth, then maybe have a look at https://github.com/zitadel/zitadel
Check out the community chat, there are many people having implemented auth for self hosted setups that can share some insights.

Have you seen open source authentication products like SuperTokens or Keycloak?
Alternatively, you could use framework specific authentication libraries like nextjs or Devise (Ruby)