#038 - I Got Caught Rolling my Own Auth... feat. Dev Agrawal

Lane chats with Dev Agrawal— content creator & Developer Advocate at Clerk! Tune in as they discuss DevRel, authentication vs. authorization, JWT, and so much more in this episode. 

Learn back-end development - https://boot.dev
Listen on your favorite podcast player: https://www.backendbanter.fm

Dev's Twitter: https://twitter.com/devagrawal09
Dev's Youtube: https://www.youtube.com/@devagr

• (00:00) - Introduction
• (00:50) - Is Dev's name really Dev?
• (02:10) - What is it about writing code that scares Dev?
• (02:50) - JavaScript is one of the worst with dependencies
• (03:09) - Dev's ideal world
• (03:20) - .NET and Blazor
• (03:59) - Blazor explained
• (04:36) - WASM on the Front-end
• (05:04) - Is Blazor unique to C# ?
• (06:11) - What is a DevRel?
• (08:07) - Lane's experience
• (09:13) - You shouldn't roll your own Auth
• (11:59) - Undifferentiated work
• (13:56) - Authentication vs Authorization
• (16:19) - Regarding Auth, which is a bigger pain point for companies
• (16:48) - Pain points of Authorization
• (18:38) - Pain Points of Authentication
• (20:23) - Lane's perspective
• (22:29) - Using a third party for authorization
• (24:27) - Is Clerk used for both Authentication and Authorization?
• (26:16) - JWT explained
• (28:39) - Where is the users' data stored?
• (29:27) - Features are developed as needed
• (29:52) - Auth coupling to the rest of the system
• (30:16) - Webhooks listeners to access user session data
• (31:03) - Postgres foreign-data wrapper
• (32:09) - Microservices sharing databases
• (34:29) - CQRS
• (37:37) - Average size of a company that uses Clerk
• (40:50) - What are the most used ways to sign-in
• (42:04) - Stances on passwords
• (46:56) - OAuth
• (50:33) - Why Lane dropped Sign-in with Twitter/X
• (51:14) - What do popular services usually use?
• (52:24) - Sign-in with Google
• (57:39) - Unpopular opinion on Auth related web architecture
• (01:00:17) - 2 ways of doing authentication
• (01:05:59) - Where to find Dev