Ask HN: OAuth or Session Management? Authentication between SPAs and back end
2 by Draken93 | 0 comments on Hacker News.
Is Authentication between a 1st party front end a 1st party back end a Task for (Cookie) Session Management? Some articles like [1], [2] seam to share the opinion that OAuth should be used in its traditional use case: "Granting an applications the access to the resources of a user/resource owner or the do actions on behalf of the resource owner" [1] https://ift.tt/3cfxLXp [2]https://ift.tt/3dmvVGr On the same time I know that SaaS like Okta, Auth0 etc. are often used to solve the problems of authentication or session managment. But those Services do use OAuth2.0. On the same time there are Solutions like supertokens or Ory Kratos, that do not use OAuth2.0. Honestly: I am very confused what solution is the best regarding security and ease of deployment.