Is next auth a good fit for seperate custom backend issuing tokens? #3030
-
|
I've got an ASP.NET Core Web API with endpoints for issuing and refreshing tokens. I'm trying to figure out if next auth is a good fit for this. This is what I've got so far. Not quite working yet.
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
hi, this is how any of the OAuth providers work, so yes. you might want to look into a framework like IdentityServer https://duendesoftware.com/ that gives YOU an openid connect compliant Identity Provider, rather than building your own solution, especially if you don't have the resources/expertise in auth |
Beta Was this translation helpful? Give feedback.
-
|
Cool, thanks! I want to be able to just have a log in component with email address and password within my app without getting redirected anywhere. I can see big ones like AirBnb/Facebook doing that and just seems like a better user experience. Now all these OpenId Connect solutions wants me to redirect somewhere. Is there some security benefit? Why then are the big ones not doing it? |
Beta Was this translation helpful? Give feedback.
-
|
there is absolutely a benefit. whenever you start storing passwords yourself, you will introduce extra responsibility related to security. big oauth providers have entire teams making sure that the password is managed correctly, also adding a lot of protection against DDoS and probably many other type of attacks I might not even be aware of. without proper knowledge, we advocate against running your own solution. |
Beta Was this translation helpful? Give feedback.
hi, this is how any of the OAuth providers work, so yes. you might want to look into a framework like IdentityServer https://duendesoftware.com/ that gives YOU an openid connect compliant Identity Provider, rather than building your own solution, especially if you don't have the resources/expertise in auth