Authentication as a Service

Part 3: Rethinking mobile app signups

It was the fall of 2015, and up until then I had only completed the login/registration and team creation features. When I decided not to use the Parse SDK, part of the plan was to one day build out my own custom backend, but the Parse shutdown was looming on the horizon and I didn't have much time.

I randomly came across a service called Auth0, offering authentication as a service. I thought it was an interesting idea. At work we decided to offer Facebook Single Sign On (SSO) as part of our login and signup process. There were many complications in adding a new authentication flow to an existing system. How does it affect the existing users? What if they want to convert their username/password accounts to using SSO? What if they signed up with SSO but now wanted to set a password?

Coincidentally, authentication was the only part of my app that I had completed; by using Auth0 I could re-implement user creation without a backend. This allowed me to delay my backend decision for a few more weeks.

My plan was that Auth0 would handle the user creation, supporting everything from traditional email/password to social sign-in. Auth0 would then return a JWT (JSON Web Token), which could then be used to interface with any backend. The great part about using a separate service to handle authentication was that I could continue to offer new ways for users to sign up without having to make changes to the backend. SMS signup, passwordless login, and two-factor authentication all became common patterns in mobile apps in 2016.
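The flow described above, seen from the backend's side, as an added example (not code from the original post or from Auth0): the backend validates the token and never needs to know how the user signed up. Assumptions: HS256 with a shared secret, a string `aud` claim, and constructed values for the secret, issuer, audience and `sub` identifiers; `mint` is a hypothetical stand-in for the identity provider.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not real tenant settings).
SECRET = b"constructed-demo-secret"
ISSUER = "https://idp.example/"
AUDIENCE = "demo-mobile-app"

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(claims, header=None, secret=SECRET):
    """Hypothetical stand-in for the identity provider: signs a demo token."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    body = _b64e(json.dumps(header).encode()) + "." + _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64e(sig)

def verify(token, now=None):
    """Backend-side check: return the claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64d(h64))
        sig = _b64d(s64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(p64))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    base = {"iss": ISSUER, "aud": AUDIENCE, "exp": time.time() + 300}
    for sub in ("email|1", "sms|2", "facebook|3"):  # constructed identifiers
        print(verify(mint({**base, "sub": sub}))["sub"])
```

Every sign-up method ends in the same `verify` call, so adding a new one changes the identity provider's configuration, not the backend.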
