(techcrunch.com)

282 points bundie | 1 comments | 25 Jun 25 18:07 UTC | HN request time: 0.194s | source

Show context

yodon ◴[25 Jun 25 22:32 UTC] No.44382371[source]▶

Pretty sure auth is not something I want a self-taught dev (or even most CS-graduate devs) writing.

Oauth2, JWT's, hashes, timestamps, validations, and such, are all totally simple until they're not. The black hats have way more experience and way more time invested in this space than most any normal dev.

replies(8): >>44382542 #>>44382600 #>>44382664 #>>44383532 #>>44383603 #>>44385107 #>>44385540 #>>44459701 #

vmg12 ◴[25 Jun 25 22:53 UTC] No.44382542[source]▶

>>44382371 #

Auth is really not difficult to write. It's don't roll your own crypto, not don't roll your own auth. People need to stop spreading this fud.

replies(5): >>44382590 #>>44382617 #>>44383537 #>>44383587 #>>44383602 #

risyachka ◴[25 Jun 25 23:00 UTC] No.44382590[source]▶

>>44382542 #

Yeah it’s not difficult if you know all the specs.

The issue is 99% don’t know them and are not very good at following them. And the cost of error is very high.

I’ve seen a lot of startups that failed to implement even google oauth securely.

So yeah it’s a far cry from fud and you really should not do it unless you are actually good.

replies(3): >>44382621 #>>44383147 #>>44384218 #

1. fmbb ◴[26 Jun 25 00:38 UTC] No.44383147[source]▶

>>44382590 #

OAuth is very complicated and fuzzy though.

I am not surprised anyone makes mistakes trying to integrate it anywhere.

↑

Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC