One major component of our thesis project is the ability to authenticate users from their Facebook accounts and vendors from their email address/password combinations. To do this, we could either 1) roll our own authentication scheme where our server issues JWTs to our clients or 2) use a service that issues and manages the JWTs for us. To preserve our sanity, we chose the latter, specifically, the identity and authentication service Auth0.
Auth0 provides users a way to log in via custom, open-source web forms called widgets that can be filled out with username/password combos or through social integration buttons that allow for third-party authentication by Facebook, Google, Twitter and others.
By default, Auth0 will store your users' credentials securely on their server, but you can also opt to have the same credentials stored on your own database by using the mongo or mysql npm modules within a rule that runs like a hook on certain types of authentications. You can, for example, have a rule set up to automatically notify your server via a PubNub channel every time a user signs up for your service.
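The signup-notification rule described above, as an added example that is not from the original post or from Auth0's own code. It uses the Auth0 rule signature `function (user, context, callback)` and the `context.stats.loginsCount` field; the `publish` function (a stand-in for a PubNub client call), the channel name and the message fields are assumptions.

```javascript
// Added example. `publish(channel, message, done)` is a hypothetical stand-in
// for a PubNub client call; the channel name and message fields are assumed.
const SIGNUP_CHANNEL = 'signups'; // assumed channel name

function makeSignupRule(publish) {
  return function signupRule(user, context, callback) {
    // Auth0 reports how many times this user has logged in; 1 means signup.
    const isSignup = Boolean(context.stats) && context.stats.loginsCount === 1;
    if (!isSignup) {
      return callback(null, user, context);
    }
    // Send identifiers only. No token or full profile leaves the rule.
    const message = {
      user_id: user.user_id,
      email: user.email,
      connection: context.connection,
    };
    let finished = false;
    const finish = () => {
      if (!finished) { finished = true; callback(null, user, context); }
    };
    try {
      // A failed notification must not block the login itself.
      publish(SIGNUP_CHANNEL, message, finish);
    } catch (err) {
      finish();
    }
  };
}

// Constructed sample run with a fake publisher that records what was sent.
function demo() {
  const sent = [];
  const rule = makeSignupRule((channel, message, done) => {
    sent.push({ channel, message });
    done();
  });
  const results = [];
  const user = { user_id: 'facebook|123', email: 'a@example.com', app_metadata: { plan: 'x' } };
  const record = (err, u) => results.push(u.user_id);
  rule(user, { stats: { loginsCount: 1 }, connection: 'facebook' }, record); // signup
  rule(user, { stats: { loginsCount: 5 }, connection: 'facebook' }, record); // returning user
  return { sent, results };
}
```

Inside a real rule the factory is unnecessary: the body of `signupRule` is the rule, with `publish` replaced by the messaging client's own call.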
In addition, Auth0 provides many other enterprise services, such as analytics and a web management dashboard. I think we made the right choice in opting out of rolling our own authentication, and I hope this post will help you make the same decision. Thanks for reading!