Whenever it comes to creating an application which requires users to have an account to access certain services, we need to think of a robust authentication system which could handle the user login flow.
Well, that sounds easy! Isn’t it?
Let us dig a little deeper to look at the technology/tool stack we need to have in order to create such a user login flow.
- A low latency database to store the information of users and their chosen passwords.
- A salting and hashing engine to convert plain text password into non-readable text format.
- Extra layer of security for securing the database, as it contains most useful information of a user, i.e., their passwords.
- A rate limiting technology to limit the user login attempts from multiple IP address or location.
That sounds easy, if you have a large team which could handle all these technologies.
What if you have a small team, and lack the required time to implement a custom and robust login flow.
Well, here comes the Auth0.
Auth0 is simply an authentication framework that helps developers like us built the applications without having to worry about the security aspects discussed above.
What is the actual purpose of Auth0?
Auth0 helps in making the development cycle of an application easier by reducing the work load needed to implement an authentication system which have the following features.
- Database infrastructure to store the user data.
- Single Sing-On support
- Hashing & Salting techniques to encrypt the passwords.
- Password less Sign-in support.
- Social Network sign-in, such as Google, Facebook, GitHub, etc.
- Rate limiting measures to prevent database abuse.
- Low latency database for better user experience and login flow.
- Multi Factor Authentication support.
- plus a lot more..
Auth0 provides the database infrastructure to store users by default. This scenario provides the best performance for the authentication process since all data is stored in Auth0.
The Auth0-hosted database is highly secure. Passwords are never stored or logged in plain text but are hashed with bcrypt.
Some of you might have already heard about bcrypt, as it also comes as a node module, which can be used in the Node.JS applications.
The best part is, we can integrate Auth0 in almost any application, such as Node.JS, Django, Java, etc.
Let us look at the implementation of Auth0 in a Node.JS project.
Or, head over to Auth0 official website to learn more about it.
Read Next: Deploying Node App with MongoDB to Heroku