Why you should not build your own authentication system
July 27, 2019    |    APIs    |    Authentication    |    Basics

Now I know why people always say: “don’t roll your own authentication system.” Unless you want to create an authentication system for fun, I would advise against it.


First of all, it’s a full-time job to create a robust authentication system. For example, you need many API routes, knowledge of encryption, a server to host the API, and a database server. That is just the minimum. Authentication systems are much more complicated than they seem.

Security & Multi-level dependencies

You also need to keep up with security patches for your authentication system's application dependencies. You also need to keep up with the dependencies of the software you are using to build your application.

The Wheel argument

Another reason to avoid creating an authentication system is that there are already great ones available. Just take your pick:

  1. Auth0
  2. Firebase
  3. Google Login
  4. Facebook Login
  5. Twitter Login
  6. GitHub Login

All of these applications can be used as an authentication system for your application for minimal cost or free.

Give it a try

For me, I’ve always wanted to write an authentication system from scratch, and so I have written a few. It is a good idea to create an authentication system as a programming exercise, but you should use an existing authentication system for a production application.

The two reasons to create your own authentication system:

  1. Programming exercise
  2. You want to build an authentication SaaS product.

To conclude, you should not “roll your own auth.” It’s usually very complex, there are many security dependencies to worry about, and there are already great solutions available. So build your application and integrate it with an existing authentication system. You’ll thank me later!
