The purpose of this post is to comment a bit about authentication, making a reflection on our current needs (developers) as well as the expectations of our users.
It is a fact that 99.9% of the software that will work require access control, and many of them will go through a control privileges, so whenever we start a new project we will have to face settings in this topic.
Some factors that influence the decision related to authentication is the integrations, and they by means of legacy in our company, third-party applications or authentication protocols such as SAML, OpenID, WS-Federation, or other means.
Other common features regarding authentication in a more advanced state concern at technical needs as Touch ID, Multifactor Authentication, Single Sign On and Login through the various social networks.
And if our application has versions for web and mobile, the mobile devices can have the aggravating factor of developing all security routines in more than a technology if you choose for native development.
Okay, so we conclude that the “first screen” software perhaps will consume much more time than initially planned, because, when we visualize the login screen and inform our email and our password and we press the button “Access”, it isn’t there seems to be so much behind of this.
Fortunately we live in the *aaS era. Many things we need for our applications are available as a service on the Internet. A few years ago it was common to ask a budget of a server allocation in an Internet provider of your city to host a small application, today, there are now service providers that guarantee us that it is possible to obtain a new server in the cloud, ready to be operated in only 55 seconds by a very low price.
These services facilities related to infrastructure – IaaS (Infrastructure as a Service), also extends to different needs for the development of our apps, where we can get configured, scalable, resilient services to execute our applications. Within these services include: databases, web servers, application servers, file storage services, etc. These services are called Platform as a Service (PaaS).
Remaining in line with specialization of providing cloud services, we have the category of SaaS (Software as a Service). This category is growing every day, with third-party services that can consume according to our demand and they come as objective solving parts of our challenges, reducing our implementation time routines that many times are common in other systems, allowing we can focus on our business rules.
In this direction, I would like to present a tool to help us solve our problems authentication, reducing our deployment time while providing the resource for our users as regards the authentication applications.
The Auth0, is a security platform that provides us with the most diverse solutions as regards the authentication of our users and possible integrations.
We highlight some features:
- Several SDKs for most web technologies and mobile used in the market
- Multifactor Authentication
- Social Login (Google, Facebook, Twitter, etc)
- Use on-premise or in the cloud
- Support for multiple authentication protocols such as: OAuth 2.0, OAuth 1.0a, Open ID, WS-Federation
Instead of creating a megapost with thousands of information, I opted for the creation of a series called Authenticating your app in the cloud.
This series has the following posts: