Discussion Participants: Roanna, Hans, James, Stephan
Completed - See Trello card: https://trello.com/c/8KEgl3nv
Our handling of user data is far from bullet-proof. We have stumbled upon cases where SQL injection is possible, and passwords are currently protected only with MD5 hashing. Additionally, we are building a new mobile app in React and Flask and need to implement a way to handle authentication there.
- Security / Risk for us
- Ease of Use
- Cost
- Building our own authentication solution
- Google Firebase
- Auth0
We are going for Auth0 since
- we have prior experience with Auth0 in the team,
- a first test in an afternoon coding session was satisfying, and
- Auth0 offers a free plan for open-source projects.
We are not building our own authentication solution, in order to reduce the security risks that come with handling passwords.
- We can almost drop a whole user flow.
- Switching between mobile and desktop application.