Hacker News new | past | comments | ask | show | jobs | submit login

You might want to look into how Hasura does auth. IMO it's really well thought through. However, it doesn't handle the actual authentication, just the access permissions afterwards. If you could layer firebase-style auth "strategies" (email/password, Facebook, Open ID, etc) on top of that kind of system, while keeping everything accessible directly in the main database, that'd be pretty awsome.



IOW, Hasura does authZ vs authN, right?


For a little more context for those scrolling past, I'm assuming this is around: authentication vs authorization.

Check the person is who they say they are (authenticate), and then check they're allowed to access the thing they want to view (authorize).

The first is quite easy to abstract, the latter is basically custom to most applications (for different definitions of "custom").




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: