Web Authentication APIs

Implementation Overview

Maximiliano Firtman

Maximiliano Firtman

Independent Consultant
Web Authentication APIs

Check out a free preview of the full Web Authentication APIs course

The "Implementation Overview" Lesson is part of the full, Web Authentication APIs course featured in this preview video. Here's what you'd learn in this lesson:

Max highlights three authentication implementation options: Custom Authentication, Identity Providers, and Identity as a Service (IDaaS).


Transcript from the "Implementation Overview" Lesson

>> To implement authentication these days, you have typically three options. You create your own custom authentication system, server style, and maybe client side as well, it depends, actually. So you create your own system. That's what we are going to build today. You use identity providers, and I will explain what that is in a second, or you use services known as identity as a service.

Probably, maybe you haven't heard about the name, that term, but I will mention some names and probably that thing will pop up. So, custom authentication is, for example, having your own system with username and password or using the API for biometrics known as web authentication. It's not just for biometrics, but it's the first thing that highlights in our mind, okay, yeah, I wanna log in with Face ID in my website.

So identity providers are typically using different specs such as OpenID, Or SAML, so what is that? Every time you see sign in with, sign in with Google, sign in with Apple, sign in with GitHub, with wherever, actually, that's the beginning of an identity provider. So instead of you creating your own databases of usernames and passwords, you will use another database from a third-party provider, from Google, from Apple.

Typically, you also create your own database that matches that. It's not necessary, so you can just say, you know what, to use my web app, you need to have a Google account. I'm not going to save any user data in my server, but I will authenticate you using your Google's credentials.

It's totally possible. In that case, you're just using an identity provider. And identity as a service, okay, there are many companies out there, for example, Auth0, now acquired by Okta, or even Amazon, Cloud Firebase from Google, Microsoft Azure. They all offer us solutions for authenticating our users in our websites, okay?

The most common one these days, the largest provider is Auth0. So in this case, we don't build anything. We just get a key from their websites, maybe pay for the service. It depends on the service that we want, and that's all. We can get everything for free, okay, that's all.

What we are not going to build, in that case, any authentication system manually in our websites in our web app. We're going to use a third party solution for that.

Learn Straight from the Experts Who Shape the Modern Web

  • In-depth Courses
  • Industry Leading Experts
  • Learning Paths
  • Live Interactive Workshops
Get Unlimited Access Now