Auth0 in 100 Seconds // And beyond with a Next.js Authentication Tutorial

Подписаться 3,3 млн

Просмотров 459 тыс.

50% 1

Auth0 is Authentication-as-a-Service used to manage the front door to your application. It provides drop-in user auth solutions that look great on any frontend app, and integrate with any backend server. Try it 👉 bit.ly/3peoMQ4
Thanks to ‪@JamesQQuick‬ for going beyond 100 seconds! Subscribe to his awesome channel.
Disclaimer. This video contains a paid endorsement and was produced in collaboration with Auth0. I trust their product and have used it as a customer for many years .
#dev #code #100SecondsOfCode

Опубликовано:

26 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 265

@Fireship 2 года назад

I’ve used Auth0 in several projects and nothing comes close when you need advanced auth features. Here’s 7,000 free users to get started bit.ly/3peoMQ4

@ShashotoANur 2 года назад

There are no replies 😶

@tenslider6722 2 года назад

I have a stupid question, in case Auth0 servers are down for whatever reason, does that mean users for my app won't be able to login?

@zyansheep 2 года назад

@@tenslider6722 very astute observation. Better self-host...

@RamanandSingh 2 года назад

@cryptolicious3738 2 года назад

❓wait a sec, is this so big tech can know who is logging in and when to all your apps ❓ aint nothing free....

@merlijnvanlent 2 года назад

These beyond 100 seconds segments are always interesting. keep up the great work!

@fredrickdenga7552 2 года назад

Wonderful, Jeff⚡🔥thanks for partnering with James Q Quick😎both of yall are real aces with these frameworks🏹

@ChrysusTV 2 года назад

Auth0 looks cool, but when I consider future scaling needs, it's quite expensive. Maybe something to consider once revenue can be predicted. For now I'm using Firebase Authentication (probably as a result of a video from this channel, but I don't remember).

@mooshy5944 2 года назад

This. If you're building a personal project and don't anticipate getting a lot of users Auth0 makes sense, if you're anticipating a lot more user sign ups I would suggest something like AWS Cognito or just building your own. Switching to another auth provider later is damn near impossible so choose wisely.

@ZephrymWOW 2 года назад

@@mooshy5944 switching auth providers is far from "damn near impossible". It is probably one of the easier migrations to do.

@TheBillionDollarSaaS 2 года назад

You can export from fire base and auth0 without a problem.

@mooshy5944 2 года назад

@@ZephrymWOW Okay so how do you export existing Auth0 users into lets say AWS Cognito? Passwords and all?

@unixbashscript9586 2 года назад

Cognito defintely supports import from csv

@docmars 2 года назад

Not as user friendly to setup, but AWS Cognito is a great alternative, and free for the first 50,000 users. Worth doing a video on it as well for comparison!

@TheRonpe 2 года назад

I was hyped, until i checked their pricing.

@Exendes Год назад

Its free below 7k users

@pixelman457 Год назад

@@Exendes now, it's 1k

@edgarwideman737 Год назад

0.02 / month per user... It's not that bad.

@pixelman457 Год назад

@@edgarwideman737 lmaoo.. it is when you’re broke

@TomasDavidcz Год назад

You’re not broke when you have thousands of users. Honestly I was quite surprised how good their pricing is.

@aniketacharya512 2 года назад

The quality of these videos never ceases to amaze me.

@lalitfauzdar3873 2 года назад

For basic auth, Firebase auth is way easier to implement and has a lot of features and for production, AWS Cognito (part of Amplify) is better and cheaper to go.

@Dontcaredidntask-q9m 2 года назад

Cognito is awful + it's not part of Amplify, it can be used with Amplify

@everenjohn 2 года назад

Yeah, stay married to those services.

@chiefdan07 2 года назад

Supabase auth is decent too

@lalitfauzdar3873 2 года назад

@@chiefdan07 Plus it's opensource. I've used it and I really liked the initiative and from some time, I've been a part of open source software and I'm in awe for such people who provide leading class software open-source.

@Hobbitstomper 2 года назад

I find OAuth incresingly scary as an end-user. I use Google for most 3rd party websites to sign-up / login. Yet every week I read new horror stories how Google just mistakenly bans entire Google accounts. The sheer thought that my Google account would get banned for whatever reason, and me not being able to login into 100s of 3rd party website where I signed up via OAuth....scary as hell. And yes, I know this video is about Auth0 and not OAuth (different things). Just felt like sharing my thoughts on OAuth from an end-user perspective.

@ChrysusTV 2 года назад

I feel the same about using Facebook. However, I deliberately use Facebook instead of Google since if I ever lose my account for some reason, I don't also lose my entire email account. Most of the time, the sites keep your email stored and you can recover the account via email, which is only a problem if your email is also terminated (as it would be if your Google account was lost). And of course, I use my own domain for email so I can route mail to whichever provider I want.

@michaelb2047 2 года назад

@@ChrysusTV jeez how about not using a single service to manage all your data but maybe use password manager / hardware tokens / self hosted solutions instead. I see that SaS has its place, but I think authentication isn’t one of them. It should replace things that are you are not capable of hosting it yourself. Authentication is a solved problem and most frameworks make it very easy. I don’t know how trusting another company with all your user data, making yourself dependent and having to use an API is any better than using easy framework look ups from a database.

@ChrysusTV 2 года назад

@@michaelb2047 My KeePass has 372 entries but thanks for your paragraph of concern. I'll use what I want to use, yeah?

@kiandinyari3740 2 года назад

@@ChrysusTV I would recommend against this. I got my facebook hacked and took months to regain control. They have zero support or care to get you your access back. It fucked up my ability to access all sorts of apps like Spotify. I no longer trust any of these universal login things.

@Hobbitstomper 2 года назад

@@michaelb2047 The issue is, more and more websites don't offer their own login system anymore, they only offer logins via 3rd party OAuth of Google, Facebook, Twitter etc.

@felipe3966 2 года назад

HA HAAAA!!! Just in time to improve my ongoing app, what a genious! Thank you so much guys!

@dimalisovyk5277 2 года назад

I've used it for SSO. It works fine, when you need something simple, but for more complex stuff (e.g. custom claims) you need to implement rules, custom databases and so on. As a result, it is easier to implement simple identity server and customize it for your needs. Most of modern backend frameworks support login with Google and other plaforms (auth2.0, openId, saml)

@Viviko 2 года назад

So… basically, I’m now reliant on Auth0 for my own users. And if Auth0 decides to change their rules, I can get kicked out and eventually have to build my own OAuth2 service anyways?

@quasa0 2 года назад

Yeah and you'll have to pay a lot

@arifdevcoding 2 года назад

@@user-if1de8pt2j he meant policies. you know, that's google and google has some good reputation on suddenly shutting down services.

@Viviko 2 года назад

@@arifdevcoding Or if they decide not to support the types of apps I decide to make, restrict collecting certain types of data, etc…

@Viviko 2 года назад

@@quasa0 I mean, depending on your situation it might make sense. But, frankly, for really critical aspects of my apps, I like having control over them. Only for non-critical things or things that are too expensive to implement are what I like to rely on third parties for. For example, hosting services. It’s way too expensive to run my own servers and data centers. So, I’ll rely on AWS or GCP. Email is another example. It would just take too much work to build my own Email service. But, storing users and and authenticating them are kind of really critical. So, I prefer to implement that myself. Plus, it’s not too expensive when you look at the bigger picture.

@MarkEdwardTan 2 года назад

I think Auth0 is expensive and might be good if you have the budget when it scales. I'd rather have my own authentication/authorization using PassportJS :)

@michaelhays 2 года назад

Yeah I've never really understood the appeal of auth-as-a-service, when rolling your own is pretty easy

@ratulsaha9487 2 года назад

@@michaelhays i mean implementing oauth for so many providers is time consuming and too much code writing. People just look for the easy way out. And then we get this. Just one sdk, no need of your own api, easy to use.

@KGIV 2 года назад

Agree. It certainly has a place in larger organizations, especially when it comes to compliance needs.

@ZephrymWOW 2 года назад

@@ratulsaha9487 implementing JWT OAuth is like 10-100 lines of code lmao. Especially if you just use a library to handle it

@ratulsaha9487 2 года назад

@@ZephrymWOW thats email password login. I clearly stated that the lengthy part is the 3rd party providers like google, github, etc

@thisissyedbasim 2 года назад

I really wanted to learn this. You read my mind 🔥🔥

@babyboie20 2 года назад

Great collab! I generally watch both of y'all anyways, good to see you both in the same video.

@seanmccambridge 2 года назад

One criticism I’ve heard of Auth0 is that it’s pricey. How about a video that compares it side by side with Firebase auth and Cognito?

@ThisGuyEdits24 4 месяца назад

Me: Neat a 100 second video Video: 503 seconds Me: Hyped About Auth0 Auth0: Money Me: Checking pricing, then opens funeral and then goes inside.

@AkshatSinghania 2 года назад

you are making i wanted 3 months ago , thats so cool ,it would be so helpful anyone else needing these.

@f1shyv1shy35 2 года назад

Never been so early to great content 😆

@TrevorReimer 2 года назад

Would you consider a video about Ory? A open-source auth system with no vender lock-in.

@koodingfloppa39 2 года назад

I like how he predicts the interests of his audience right when they want to learn that type of thing

@wlockuz4467 2 года назад

You know what I love more than "...In 100 seconds"? ...In 100 seconds and beyond!

@ZeroYT 2 года назад

You have to pay for almost all good features. Magic email links for example..

@Jujukungfu 2 года назад

Where were you with this like 2 days ago when I was trying to figure this out on my own lol. I jest, thanks for the great content! For free no less!

@cm3462 Месяц назад

Honestly James Q Quick is kind of a boss

@86hardluck 2 года назад

OMG Fireship and James Q. Quick in the same video at the same time?!! My brain just asploded! Two of my favorite techy teachers at once.

@IngwiePhoenix 2 года назад

A few questions, and I am just being a little curious here: - Can I embed the login form into my website itself, or is the redirect required? I'd guess I can just POST to the auth0 URL as well, but just making sure. - Is there a hook for account deleting? i.e.: If you wrote a forum with auth0, you'd want to mark an account as deleted once that happens. - How much information can auth0 store, exactly? The profile showcased had minimal information. Is this all or would it be outright better to create a DB entry with a foreign key pointing at the remote profile entry to link the local profile with the remote account? Thanks!

@keooodev7554 2 года назад

you can add metadata to the accounts. using the authO managment API

@bringbackwindowsphone 2 года назад

Yeah there's a hook for that. You can embed the form yourself using their APIs but it's much more work recreating all of the two factor flows and stuff compared to just using their excellent premade ones.

@Blast-Forward 2 года назад

The redirect is required, you can only have a custom domain. If there is another solution, tell me. ;)

@ChrysusTV 2 года назад

@@Blast-Forward Auth0 Lock...

@DiegoHuamanLandeo 12 дней назад

Очень полезное видео для сообщества, спасибо!

@abh1yan 2 года назад

Fireship is now beyond perfect.

@krazymeanie 2 года назад

Auth0 is nice but i stick with next-auth that was built specifically with next js in mind. They also have built in support for prisma along with way more providers for free.

@AB-ub9nd 2 года назад

It’s too expensive. Amazon cognito is cheaper and while maybe the api is a bit backwards it works great.

@srinathganesh6985 2 года назад

What about Keycloak? its Open Source but you host it yourself

@chiefdan07 2 года назад

Woah this is perfect timing. Currently looking into several auth services.

@olorunfemidaramola5470 7 месяцев назад

The access token I get from auth0 is invalid, I don’t know to fix that, cos it cannot be decoded

@michongoma7598 2 года назад

Nice to see James here.

@HaozheYuda1989 2 года назад

auth0 is getting better and better

@chotai 2 года назад

Both of my favourite youtubers. OMG

@idukpayealex 2 года назад

excited to see you james

@copperbeckville1853 Год назад

Auth0 is a terrifying Orwellian piece of software.

@chetanjain4616 2 года назад

Great video. Also, for your next one maybe you can do one for debugger with VScode its been long overdue

@SuperElephant 2 года назад

I can confirm that the mind reading business is no joke. I'm now experiencing that and truly believing in it..

@teckyify 2 года назад

You can have that with keycloak

@nosthrillz 2 года назад

Hi James! 🤩

@prashpatil24 2 года назад

Thanks both of you very knowledgeable

@luizuk4 2 года назад

Awesome content! Thanks!

@bity-bite 2 года назад

Never heard of Auth0, nice. What about C# in 100 seconds please 🥺

@megasage 2 года назад

6:13 how is that cursor !

@Abdullah_hassan_88 Год назад

Fun fact:open ai also uses auth0

@ryann1826 2 года назад

We want a video about PHP / laravel .. Or compare them to node.js ..

@rahulpadalkar6237 2 года назад

This is great but the real question is what's in `jqq-meme` folder? jk, great vid.

@ChumX100 2 года назад

Cloudflare workers in 100 seconds!

@joachim4660 2 года назад

passport.js in 100 seconds would be nice

@BlackdestinyXX 2 года назад

Good job! I really like these type of videos

@danielchukwu524 11 месяцев назад

Perfect 👍👍

@computerscience1152 2 года назад

Rust beyond 100seconds

@coconutz4535 2 года назад

What is the vscode theme that james use?

@majidraimi 2 года назад

did u found it ?

@Manish_._369 4 месяца назад

tell us bro

@rwlc 2 года назад

Used Auth0 with my recent Next project, and I fucking loved it.

@YanickSteinbeck 2 года назад

Currently using auth0 and struggling with token expiry: Auth0 does not seem to let me set an expiry that's greater than 90 days. Has anybody solved this before? PS: I am aware of security concerns - but it's fine for my use case

@dongums 2 года назад

I hope firebase also has easier server side auth workflow. it's hard to implement server side auth using firebase admin

@GlenBondMogane 2 года назад

The beast inviting coolest dude

@mrrishiraj88 2 года назад

Great content always

@themisir 2 года назад

Alternative title: Auth0 advertisement in 100 Seconds

@khakcsar 2 года назад

Finally I can stop hyperlinking the login button to next page.

@piecepaper2831 2 года назад

your 1 week late. i implemeted auth0 and this vodeo would have helped alot

@prajyotmayekar328 2 года назад

Woooo 🙌🏻

@mezosameh3078 2 года назад

Redux in 100s pleaseeee

@mensch4434 2 года назад

Yea 100 Seconds 👍

@jcjiron 11 месяцев назад

Thank you thank you thank you!

@priyankamurmu6228 9 месяцев назад

What's the theme used here in vs code? Breathing cursor looks amazing

@tapu_ 2 года назад

But can it authorize dn?

@sushiwaumai4773 2 года назад

passport.js in 100 seconds!

@okmiedga 11 месяцев назад

Anyone else having a lot of trouble getting the sample project up and running? The issue is with the javascript nullish coalescing operator.

@unpunished123 2 года назад

Love you from Bangladesh

@San_OO7 2 года назад

Sorry I keep my data, love next-auth

@armaanchoudhary 2 года назад

And I thought he did a face reveal xD (hover over the vid to see preview)

@kraskaska 2 года назад

that's just what i needed, great work!

@neyliolol 2 года назад

The fact that you don't know the difference between 0auth and auth0 made me anxious ...

@saulramirez727 2 года назад

Thank you so much

@samuelbento4587 2 года назад

Looking forward for the beyond 100 sec.

@h3w45 2 года назад

Notification squad

@arsenidziamidchyk2972 2 года назад

Was I the one who wanted to hide message pop up 😆

@tacomixen 2 года назад

Nice!

@fatgolem69 2 года назад

Nice video but please make a C/C++ in 100 seconds. I would really love that.

@CANIHAZURDREAMSPLS 8 месяцев назад

how does Auth0 handle other logins from other users or does this handle that as well and no need separate api keys?

@richardebrain 2 года назад

deploying to vercel kinda give me problem , it trows an error when i try to login , it says access denied .. any solution to this

@HendersonHarrisson 2 года назад

What about Azure Active directory, and how does Auth0 compare with it.

@manfyegoh 2 года назад

any firebase auth vs auth0 video coming soon?

@keooodev7554 2 года назад

I wish you added how to use the managment api with NEXT JS I find it a struggle

@syedumararfeen8146 2 года назад

Thanks 👍

@emaxix7 2 года назад

Any idea which extension/tool adds the terminal intellisense at 5:00?

@hos7012 2 года назад

Awesome

@Ragnarok540 2 года назад

Auth0, or in my experience telling my users asking why they can't login and that is outside my control.

@yt-sh 2 года назад

this was cool

@DK-ox7ze 2 года назад

This is really nice. But I wonder how much different is the security part of login mechanism vs the security of other parts of the app? Given that auth0 is only going to secure the login, the devs still need to implement security in other parts of the app (which is basically most of the app). So if they are building good security mechanisms for other parts of the app, they should be capable of securely building the login part too?

@ChrysusTV 2 года назад

That's not necessarily true. Many of the authentication systems (Auth0, Firebase, etc.) allow roles, which are what you'd use throughout your app to control access after the login stage. Obviously, if you're not using roles, then sure you have to build your own access control. Otherwise, the roles are in the JWT, so then your concern would be whether JWT is secure or not, not if these authentication systems are useful. And roles can be used inherently in other parts of a backend depending on the provider -- for example, Firestore can use your authentication roles to restrict access to documents.

@KshitizArya17 2 года назад

Can you do one for Gatsby? I have recently started working on a project using Gatsby and it would be wonderful to have a video on it. p.s - Great video as always, keep it up