Ask HN: What are you using for authn/authz and payments?
3 points
4 hours ago
| 1 comment
| HN
I've had a few side project ideas over the years but have never implemented one because I lack knowledge in (but willing to learn):

* implementing social logins (OAuth), account management, etc.

* managing backend permissions (RBAC always looks more complicated than it should be). My projects might have three tiers: free, hobbyist, pro

* handling payments securely while actually monitoring for abuse/intrusion

Which social logins are allowed to tie into your project?

What are you using for authn/authz? My projects would be very low traffic, so I wouldn't want to commit to a big monthly spend. Are you rolling your own or using Auth0/Clerk/Supabase for auth and Stripe for payments? I'm comfortable with AWS, Cloudflare, Go, JS, and Linux. Are there any GitHub repos that I can look at for this?

How well do frontier LLMs (Claude Opus, etc.) do at generating clean, auditable code for this kind of thing? Is anyone actually trusting AI-written auth/payment code and how do you review it?

artpar
2 hours ago
[-]
hey I have built daptin for this and been running all of my projects with daptin as the sole backend server for data/authn/authz.

1. oauth/account management -> daptin can serve itself as a oauth provider as well as allow "login via oauth" on 3rdparty oauth servers. you get a full managed account including forget/reset password

2. permissions -> this involves more than rate limits, like who's the owner of what and you can manage permissions at user/guest/group level

3. handling payments -> fraud monitoring is usually part of the payment processor and you are not supposed to do much about it

and these days you can point your llm agent to the wiki to get most of the stuff done without needing to read the docs yourself. you just need a cheap vps (the $5 ones on digital ocean will be more than fine).

https://github.com/daptin/daptin/wiki

https://github.com/daptin/daptin/wiki/Permissions

reply
jftuga
1 hour ago
[-]
Thanks for the detailed reply. I'll definitely check this out. What type(s) of projects have you created that use this?
reply
artpar
1 hour ago
[-]
100x.bot is completely powered by daptin, canaster.in (work in progress, i am redoing the frontend in webgl) is also running on daptin. there are various internal company services which are running on daptin which i cannot name here.

almost any project which matures to requiring a user authn/authz (and there are always assets owned by users) i default to using daptin

I have hardened it a lot over the last 10 years, especially in terms of transaction/concurrency/security. happy to help you setting it up in your project. you can dm me ( x.com/phparth ) or leave an issue on the github repo

reply