Good. Look into some providers and see what fits your software and business. Auth0 would be my first recommendation, or if you're interested in OSS and self-hosting instead, maybe Keycloak.
I use PassportJS to manage authentication strategies and express-session with connect-redis to manage user sessions. What this means is that when a user logs in, their session is created on Redis and has an identifier assigned to it which is stored in an HTTP-only cookie on the user's browser with 2w expiry time. If they log in again, I extend the expiration date (possible using express-session).
Though I am using bcrypt to hash passwords, the recommended approach currently is argon2.