Auth0 in 100 Seconds // And beyond with a Next.js Authentication Tutorial
VloĆŸit
- Äas pĆidĂĄn 7. 09. 2024
- Auth0 is Authentication-as-a-Service used to manage the front door to your application. It provides drop-in user auth solutions that look great on any frontend app, and integrate with any backend server. Try it đ bit.ly/3peoMQ4
Thanks to âȘ@JamesQQuick⏠for going beyond 100 seconds! Subscribe to his awesome channel.
Disclaimer. This video contains a paid endorsement and was produced in collaboration with Auth0. I trust their product and have used it as a customer for many years .
#dev #code #100SecondsOfCode
Iâve used Auth0 in several projects and nothing comes close when you need advanced auth features. Hereâs 7,000 free users to get started bit.ly/3peoMQ4
There are no replies đ¶
I have a stupid question, in case Auth0 servers are down for whatever reason, does that mean users for my app won't be able to login?
@@tenslider6722 very astute observation. Better self-host...
Yo
âwait a sec, is this so big tech can know who is logging in and when to all your apps â aint nothing free....
These beyond 100 seconds segments are always interesting. keep up the great work!
Auth0 looks cool, but when I consider future scaling needs, it's quite expensive. Maybe something to consider once revenue can be predicted. For now I'm using Firebase Authentication (probably as a result of a video from this channel, but I don't remember).
This. If you're building a personal project and don't anticipate getting a lot of users Auth0 makes sense, if you're anticipating a lot more user sign ups I would suggest something like AWS Cognito or just building your own. Switching to another auth provider later is damn near impossible so choose wisely.
@@mooshy5944 switching auth providers is far from "damn near impossible". It is probably one of the easier migrations to do.
You can export from fire base and auth0 without a problem.
@@ZephrymWOW Okay so how do you export existing Auth0 users into lets say AWS Cognito? Passwords and all?
Cognito defintely supports import from csv
Wonderful, JeffâĄđ„thanks for partnering with James Q Quickđboth of yall are real aces with these frameworksđč
Not as user friendly to setup, but AWS Cognito is a great alternative, and free for the first 50,000 users. Worth doing a video on it as well for comparison!
I was hyped, until i checked their pricing.
Its free below 7k users
@@Exendes now, it's 1k
0.02 / month per user... It's not that bad.
@@edgarwideman737 lmaoo.. it is when youâre broke
Youâre not broke when you have thousands of users. Honestly I was quite surprised how good their pricing is.
For basic auth, Firebase auth is way easier to implement and has a lot of features and for production, AWS Cognito (part of Amplify) is better and cheaper to go.
Cognito is awful + it's not part of Amplify, it can be used with Amplify
Yeah, stay married to those services.
Supabase auth is decent too
@@chiefdan07 Plus it's opensource. I've used it and I really liked the initiative and from some time, I've been a part of open source software and I'm in awe for such people who provide leading class software open-source.
I've used it for SSO. It works fine, when you need something simple, but for more complex stuff (e.g. custom claims) you need to implement rules, custom databases and so on. As a result, it is easier to implement simple identity server and customize it for your needs. Most of modern backend frameworks support login with Google and other plaforms (auth2.0, openId, saml)
I find OAuth incresingly scary as an end-user. I use Google for most 3rd party websites to sign-up / login. Yet every week I read new horror stories how Google just mistakenly bans entire Google accounts. The sheer thought that my Google account would get banned for whatever reason, and me not being able to login into 100s of 3rd party website where I signed up via OAuth....scary as hell. And yes, I know this video is about Auth0 and not OAuth (different things). Just felt like sharing my thoughts on OAuth from an end-user perspective.
I feel the same about using Facebook. However, I deliberately use Facebook instead of Google since if I ever lose my account for some reason, I don't also lose my entire email account. Most of the time, the sites keep your email stored and you can recover the account via email, which is only a problem if your email is also terminated (as it would be if your Google account was lost). And of course, I use my own domain for email so I can route mail to whichever provider I want.
@@ChrysusTV jeez how about not using a single service to manage all your data but maybe use password manager / hardware tokens / self hosted solutions instead. I see that SaS has its place, but I think authentication isnât one of them. It should replace things that are you are not capable of hosting it yourself. Authentication is a solved problem and most frameworks make it very easy. I donât know how trusting another company with all your user data, making yourself dependent and having to use an API is any better than using easy framework look ups from a database.
@@michaelb2047 My KeePass has 372 entries but thanks for your paragraph of concern. I'll use what I want to use, yeah?
@@ChrysusTV I would recommend against this. I got my facebook hacked and took months to regain control. They have zero support or care to get you your access back. It fucked up my ability to access all sorts of apps like Spotify. I no longer trust any of these universal login things.
@@michaelb2047 The issue is, more and more websites don't offer their own login system anymore, they only offer logins via 3rd party OAuth of Google, Facebook, Twitter etc.
The quality of these videos never ceases to amaze me.
I think Auth0 is expensive and might be good if you have the budget when it scales. I'd rather have my own authentication/authorization using PassportJS :)
Yeah I've never really understood the appeal of auth-as-a-service, when rolling your own is pretty easy
@@michaelhays i mean implementing oauth for so many providers is time consuming and too much code writing. People just look for the easy way out. And then we get this. Just one sdk, no need of your own api, easy to use.
Agree. It certainly has a place in larger organizations, especially when it comes to compliance needs.
@@ratulsaha9487 implementing JWT OAuth is like 10-100 lines of code lmao. Especially if you just use a library to handle it
@@ZephrymWOW thats email password login. I clearly stated that the lengthy part is the 3rd party providers like google, github, etc
So⊠basically, Iâm now reliant on Auth0 for my own users. And if Auth0 decides to change their rules, I can get kicked out and eventually have to build my own OAuth2 service anyways?
Yeah and you'll have to pay a lot
F
@@user-if1de8pt2j he meant policies. you know, that's google and google has some good reputation on suddenly shutting down services.
@@arifdevcoding Or if they decide not to support the types of apps I decide to make, restrict collecting certain types of data, etcâŠ
@@quasa0 I mean, depending on your situation it might make sense. But, frankly, for really critical aspects of my apps, I like having control over them. Only for non-critical things or things that are too expensive to implement are what I like to rely on third parties for.
For example, hosting services. Itâs way too expensive to run my own servers and data centers. So, Iâll rely on AWS or GCP. Email is another example. It would just take too much work to build my own Email service.
But, storing users and and authenticating them are kind of really critical. So, I prefer to implement that myself. Plus, itâs not too expensive when you look at the bigger picture.
HA HAAAA!!! Just in time to improve my ongoing app, what a genious! Thank you so much guys!
One criticism Iâve heard of Auth0 is that itâs pricey. How about a video that compares it side by side with Firebase auth and Cognito?
A few questions, and I am just being a little curious here:
- Can I embed the login form into my website itself, or is the redirect required? I'd guess I can just POST to the auth0 URL as well, but just making sure.
- Is there a hook for account deleting? i.e.: If you wrote a forum with auth0, you'd want to mark an account as deleted once that happens.
- How much information can auth0 store, exactly? The profile showcased had minimal information. Is this all or would it be outright better to create a DB entry with a foreign key pointing at the remote profile entry to link the local profile with the remote account?
Thanks!
you can add metadata to the accounts. using the authO managment API
Yeah there's a hook for that. You can embed the form yourself using their APIs but it's much more work recreating all of the two factor flows and stuff compared to just using their excellent premade ones.
The redirect is required, you can only have a custom domain. If there is another solution, tell me. ;)
@@Blast-Forward Auth0 Lock...
I like how he predicts the interests of his audience right when they want to learn that type of thing
Would you consider a video about Ory? A open-source auth system with no vender lock-in.
I really wanted to learn this. You read my mind đ„đ„
you are making i wanted 3 months ago , thats so cool ,it would be so helpful anyone else needing these.
You have to pay for almost all good features. Magic email links for example..
Great collab! I generally watch both of y'all anyways, good to see you both in the same video.
Auth0 is nice but i stick with next-auth that was built specifically with next js in mind. They also have built in support for prisma along with way more providers for free.
I am novice. Was what you explained an SDK? And if so, are we to put the sample folder in our root directory?
Itâs too expensive. Amazon cognito is cheaper and while maybe the api is a bit backwards it works great.
Me: Neat a 100 second video
Video: 503 seconds
Me: Hyped About Auth0
Auth0: Money
Me: Checking pricing, then opens funeral and then goes inside.
What about Keycloak? its Open Source but you host it yourself
Where were you with this like 2 days ago when I was trying to figure this out on my own lol. I jest, thanks for the great content! For free no less!
Honestly James Q Quick is kind of a boss
OMG Fireship and James Q. Quick in the same video at the same time?!! My brain just asploded!
Two of my favorite techy teachers at once.
You know what I love more than "...In 100 seconds"?
...In 100 seconds and beyond!
I can confirm that the mind reading business is no joke. I'm now experiencing that and truly believing in it..
Fireship is now beyond perfect.
Woah this is perfect timing. Currently looking into several auth services.
The access token I get from auth0 is invalid, I donât know to fix that, cos it cannot be decoded
Never been so early to great content đ
Great video. Also, for your next one maybe you can do one for debugger with VScode its been long overdue
Auth0 is very cool also as a straightforward solution for 3rd-party/social login.
From đŠđ· đŠđ· to the world
Never heard of Auth0, nice.
What about C# in 100 seconds please đ„ș
Currently using auth0 and struggling with token expiry: Auth0 does not seem to let me set an expiry that's greater than 90 days. Has anybody solved this before?
PS: I am aware of security concerns - but it's fine for my use case
You deserve a Grammy no cap
auth0 is getting better and better
Nice to see James here.
This is something I was looking for my site.
Both of my favourite youtubers. OMG
We want a video about PHP / laravel ..
Or compare them to node.js ..
jeff always posts just on time
What's the theme used here in vs code? Breathing cursor looks amazing
You can have that with keycloak
Anyone else having a lot of trouble getting the sample project up and running? The issue is with the javascript nullish coalescing operator.
I hope firebase also has easier server side auth workflow. it's hard to implement server side auth using firebase admin
5:00
How you get this suggestion on integrated terminal?
Fun fact:open ai also uses auth0
Auth0 is a terrifying Orwellian piece of software.
Thanks both of you very knowledgeable
excited to see you james
how does Auth0 handle other logins from other users or does this handle that as well and no need separate api keys?
6:13 how is that cursor !
This is great but the real question is what's in `jqq-meme` folder? jk, great vid.
This is really nice. But I wonder how much different is the security part of login mechanism vs the security of other parts of the app? Given that auth0 is only going to secure the login, the devs still need to implement security in other parts of the app (which is basically most of the app). So if they are building good security mechanisms for other parts of the app, they should be capable of securely building the login part too?
That's not necessarily true. Many of the authentication systems (Auth0, Firebase, etc.) allow roles, which are what you'd use throughout your app to control access after the login stage. Obviously, if you're not using roles, then sure you have to build your own access control. Otherwise, the roles are in the JWT, so then your concern would be whether JWT is secure or not, not if these authentication systems are useful. And roles can be used inherently in other parts of a backend depending on the provider -- for example, Firestore can use your authentication roles to restrict access to documents.
Used Auth0 with my recent Next project, and I fucking loved it.
your 1 week late. i implemeted auth0 and this vodeo would have helped alot
Does anybody know the name of his vscode folder-icon plug-in?
"this has been auth0 in 100 seconds, but stay tuned.."
instant like achieved
What about Azure Active directory, and how does Auth0 compare with it.
Good job! I really like these type of videos
Can you do one for Gatsby? I have recently started working on a project using Gatsby and it would be wonderful to have a video on it.
p.s - Great video as always, keep it up
deploying to vercel kinda give me problem , it trows an error when i try to login , it says access denied .. any solution to this
Nice video
but please make a C/C++ in 100 seconds.
I would really love that.
passport.js in 100 seconds would be nice
Any idea which extension/tool adds the terminal intellisense at 5:00?
What is the vscode theme that james use?
did u found it ?
tell us bro
Awesome content! Thanks!
I wish you added how to use the managment api with NEXT JS I find it a struggle
Redux in 100s pleaseeee
Finally I can stop hyperlinking the login button to next page.
But can it authorize dn?
Cool stuff but why would i use auth0 if i'm already invested in a cloud provider?
The fact that you don't know the difference between 0auth and auth0 made me anxious ...
I literally just started a website and was using auth0 yesterday, how do you read my mind?
Rust beyond 100seconds
any firebase auth vs auth0 video coming soon?
I want to be able to store custom user attributes, like stuff they've favourited in my system. I also want to allow them to change email - with email verification - if they want to. Can Auth0 do that?
And why?
How has favorited stuff in your system (business logic) got anything to do with security?
Rethink it.
Auth0, or in my experience telling my users asking why they can't login and that is outside my control.
Cloudflare workers in 100 seconds!
Please keep making two versions of videos 100 secs version and a long version. If we interested with the short version we will watch the longer version. Or upload it as same video and mark timestamps.
And I thought he did a face reveal xD (hover over the vid to see preview)
It's just too expensive in the long run imo, I need this but a self hosted version
Can your compare Auth0 to Cognito from aws ?
Hi James! đ€©
that's just what i needed, great work!
Being Honest at first I thought Auth0 was like passport.js or maybe little better like JWT, but didn't know that its a whole package deal with everything from interface to backend to database to 3rd part support included in it... thanks Jeff for this video
I wanna know what vs code theme he uses
100 seconds of OAtuh / OpenID Connect, pleeease!!!
Os tutorial with Rust đ€đ„đ„
Looking forward for the beyond 100 sec.
Hey Jeff, why u kinda looking like James?đ€
Alternative title: Auth0 advertisement in 100 Seconds
Roles and permissions < rolls and parmesans
Auth0 & Next.js đŠđ·đŠđ·