I would disagree here. You probably need OAuth with popular social services and implement username, password or OTP-based auth overall. For an MVP, you don't need to care about more details beyond this; it is hardly 10% of the entire effort, if not 5%.
Social logins, email logins, password resets, multi-tenant, organizations, many to many users to organizations, etc etc. Not necessary for MVP, but can definitely be painful hacking in later if the MVP hits.
What you are talking about is in a large part authentication. You can do authentication using an external service and still have your user table locally. You can also do authorization locally with a local session table while leaving authentication to a SaaS.
Indeed it depends of course. Though I don't find it fair for those requirements to be presented as table-stakes and required, as my original parent comment seems to have done.
I would disagree here. You probably need OAuth with popular social services and implement username, password or OTP-based auth overall. For an MVP, you don't need to care about more details beyond this; it is hardly 10% of the entire effort, if not 5%.
I feel seen. It's compounded if you also need to add HIPAA row-level security compliance that spans to every form of resource.
…use Django, install auth modules
It takes like an hour. So that's a quick mvp then
Social logins, email logins, password resets, multi-tenant, organizations, many to many users to organizations, etc etc. Not necessary for MVP, but can definitely be painful hacking in later if the MVP hits.
What you are talking about is in a large part authentication. You can do authentication using an external service and still have your user table locally. You can also do authorization locally with a local session table while leaving authentication to a SaaS.
By the time you're so big you need all of that, there will be other people at the table to "hack that in".
I strongly disagree. If you’re selling to other businesses, much of that is an expectation.
Social logins, multi-tenant and organizations are very far from table-stakes for an MVP.
Whether it's painful to put in later or not is sadly nothing that the managers and executives concern themselves with.
Depends on the company and product. The SSO/Social login, multi tenant and multi platform are indeed needed for my MVP.
Indeed it depends of course. Though I don't find it fair for those requirements to be presented as table-stakes and required, as my original parent comment seems to have done.
All I am seeing here is Django modules
Django, Rails etc handles this.
So... you just have to not build your web app in the most popular web app language? Somehow i think there will be big time debt from that decision
Those are both very popular languages for web backends, and both of those platforms are mature and robust.
[dead]