When I first started learning to code, I went through more tutorials than I can count. I built so many todo list apps that I can’t even use a todo list without wondering if someone built it as a tutorial then turned it into a product. I learned CRUD (create, read, update, delete). I learned frameworks (React, Angular, Vue). I learned so much, but in every tutorial, something was missing. Something critical.
Authentication.
An app can certainly function without data persistency. An app can even function with data persistency but without authentication. But how many of those apps are useful on a daily basis? They tend to be toys and examples, and that’s fine. But whether you’re just learning to code or you’re a seasoned pro, there always comes a time when you need to attach specific data to a specific user. And this requires authentication. So, I wanted to look at a few of the available authentication tools built for developers — both free and paid products — to see how they compare. Let’s dive in!
Auth0 is a premium tool that allows for more than just authentication. They support identity monitoring, user management, and authenticated communication between machines to name just a few features. We’re going to focus on the authentication aspect.
On the free plan, Auth0 allows the following:
- 7,000 free and active users
- Passwordless sign in (social auth)
- Up to 2 social auth providers
Their premium offering starts at $13/month for 1,000 active users but also adds the following features:
- Log retention for 2 days
- Unlimited social auth providers
- Account linking
One thing to keep in mind here is that if you were on the free plan and already have 5,000 active users, upgrading to the next tier up doesn’t mean paying $13/month because you’ve already passed 1,000 users. It means paying whatever the going rate is based on your current active user count. This is a fair pricing strategy, but one that can easily be confused if you’re not paying close attention.
What about the developer experience?
Auth0 has some of the best documentation available. They have numerous SDKs and APIs. All of it adding up to a choose your own flavor type of implementation. Here’s a snapshot of the React implementation:
Auth0 is a solid option for developers of larger projects. Auth0 has a generous free tier and scales as the application scales.
For developers looking to build their own solution, Passport is the open source tool they likely reach for. Passport is completely free, open source, and well-maintained. While password has username/password authentication solutions, their bread and butter is in social authentication. They have what’s called Strategies, which are authentication solutions built largely off the OAuth 2.0 spec.
Passport is only available for Node.js, so if you’re building a non-JavaScript app, you’re out of luck here. But based on the increase in apps built
entirely (or mostly) in JavaScript, this is probably less of a problem than it used to be.
How’s the experience?
Passport is well-documented and supports such a wide range of options, a developer would have a hard time NOT finding a solution that worked for them. Here’s an example of the Facebook authentication strategy:
It’s pretty simple. Whereas Auth0 requires an API key and config information they supply, Passport just requires the authentication strategy’s configuration information (clientID, clientSecret, etc).
If you’re building a Node-based app and just need quick, free
authentication with no bells and whistles, Passport is a great option.
Okta is more of an enterprise solution, but there’s nothing (except price)
stopping developers from dropping it into non-enterprise applications.
Okta provides both workforce identity (think internal company accounts)
and customer identity solutions.
Pricing is a bit difficult to parse, but in most cases, you’re looking at $2 per user per month to start for their services.
If the price hasn’t scared you away, let’s take a look at what the
developer experience is like. Well, they crush it here. Not only do they have tons of documentation, but they have simple to use widgets that you can easily add to your application. Here’s an example:
Okta is likely going to only apply to larger organization, but if you’re a
developer with a budget and want something simple to use, Okta has you
covered.
OpenID is less an authentication solution and more a web standard. OpenID is an identity layer on top of OAuth 2.0. The standards they are working to provide a whole lot more than authentication. They provide claims, verification, encryption, and more. It’s a robust solution, and it’s
from a foundation looking to advance the standards of the web.
But what’s the developer experience like? If you’re looking for documentation, you might be looking for a while. There is documentation, but it’s hard to navigate and hard to understand. However, once you figure it out, you’ll find that OpenID sort of provides a Passport-like solution for multiple programming languages.
If you want to build a standards-based solution (which is always a good
decision), you should take a look at OpenID. Just give yourself a little
extra time to navigate the site.
SimpleID (my product) is a solution that grew out of the Web 3.0 space.
Decentralized technologies have an onboarding and authentication problem, and SimpleID set out to solve that. In the process, SimpleID created an authentication solution that gives developers quick access to encryption tools, provides end users with privacy, and removes most (if not all) the liability from developers.
SimpleID is a premium solution but comes with a free plan that offers the following features:
- Authentication through Ethereum, Blockstack, Textile
- Data storage through Blockstack and IPFS
- One developer project
- Up to 500 accounts created
Because SimpleID accounts can be used across multiple application, the user totals only apply to accounts created by the developer’s application. If a developer is ready to scale up, the cost is just $9 per month for up to 10,000 users.
But how’s the developer experience? SimpleID is built to solve the general web and general JavaScript focus within the decentralized web space. While SimpleID has an incredibly easy to use JavaScript SDK, it also provides simple API endpoints that can be used from any programming language:
If you’re developing a decentralized application, you should absolutely take a look at SimpleID. But even if you’re not, SimpleID can give you data protections that other services can’t.
No matter what solution you choose, just know that authentication tools
exist to help you get to where you need to go. The next time you complete a coding tutorial and realize you’ve built an app with no login, come back to this article and pick a solution you can drop in quickly.