Does it make sense to use your own implementation of authentication and authorization using JWT in projects when there is OAuth2?
I mean using only authorization through social networks, without the possibility of registering on the site itself directly. Can this do me any harm in the future?
In all my projects, authorization through social networks is also used, along with authorization via email and password. I didn't really understand how OAuth2 conflicts with using JWT tokens. You logged in via VK, let's say, and the backend of your site after that generated a pair of tokens (access: a JWT, and refresh: a regular token). That is, OAuth2 is essentially delegating authentication to a third-party service where the user has already been registered before. And after that (with successful authentication), you generate tokens (on your server) and rotate them yourself as you want (this no longer applies to OAuth2). So the answer is: one does not exclude the other.
Or are you asking if it makes sense in 2022 to leave the ability to register via email + password? If yes, then it depends on the business requirements. As the task is - so do it. In all my projects there is registration, including via email + password (and it was not my decision).
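The flow this answer describes, as an added example that is not part of the original answer: once the OAuth2 provider has authenticated the user, the backend issues its own HS256 access JWT plus an opaque refresh token, and each refresh token can be exchanged only once. The function names, the 15-minute lifetime and the in-memory store are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment HS256 signing key
ACCESS_TTL = 900                  # assumption: 15-minute access tokens
refresh_store = {}                # sha256(refresh token) -> user id; stand-in for a DB table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def _hash(refresh):
    return hashlib.sha256(refresh.encode()).hexdigest()

def issue_pair(user_id, now=None):
    """Call only after the OAuth2 provider has confirmed who the user is."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_id, "exp": int(now) + ACCESS_TTL}).encode())
    access = header + "." + claims + "." + _sign(header + "." + claims)
    refresh = secrets.token_urlsafe(32)       # opaque: carries no claims
    refresh_store[_hash(refresh)] = user_id   # store only the hash, never the token
    return access, refresh

def verify_access(token, now=None):
    """Return the user id for a valid, unexpired access token, else None."""
    now = time.time() if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Always verify as HS256; the token's own "alg" header is never trusted.
        if not hmac.compare_digest(sig, _sign(header + "." + claims)):
            return None
        payload = json.loads(base64.urlsafe_b64decode(claims + "=" * (-len(claims) % 4)))
    except (ValueError, TypeError):
        return None
    return payload["sub"] if payload.get("exp", 0) > now else None

def rotate(refresh):
    """Exchange a refresh token for a new pair; a replayed token returns None."""
    user_id = refresh_store.pop(_hash(refresh), None)
    return issue_pair(user_id) if user_id is not None else None
```

Because the refresh token is opaque and looked up server-side, it can be revoked by deleting its row, which a self-contained JWT cannot offer until it expires.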