Ding, Ding, Ding! Who’s that at the door? (The door being a metaphorical construct for the web page you’ve just opened). That’s right! It’s me, Danny! Remember me? Who cares! Let me tell you about someone who isn’t me, namely Ben Awad.
Actually wait, hold up. I’ve been lying to all of you, and I need to clear my conscience under the witness of the heavens above and the hells below. I am not a triple major. After taking a math class this semester, I have determined that my time would better spent on other classes than math. I suppose I should probably change that on the web description. Now while I know this earth-shattering revelation affects precisely 0% of you readers, I thought I would clear those matters up before the Jersey Devil caught scent of my malfeasances and deceptions.
K, enough about me. Let me tell you about Ben Awad. Those of you especially exalted readers who have been regularly keeping up with my postage (I can’t imagine that’s proper usage, but who the frickedy frick cares) will know that there are several people who I regard as loves of my life. Grimes, Elon Musk, Corey Schafer, the usual suspects. But let me spin you a tale, (hopefully) enraptured reader, of a boi forging an app who got lost in a deep deep sauce, saw no way out, but then was saved by an unsuspecting YouTube channel.
It all started last week when I essentially finished the bulk portion of the front end for SSAP (super-secret app project). I was in a state of high glee, and I decided it was time to turn my attention to user authentication and registration.
Now then, for most of you schmeags, all authentication is to you is the simple action of hitting the “sign in with Facebook” button and having all your life problems solved. For me, authentication was nothing less than a zombaic dire wolf lurking in the darkness, waiting to sink its teeth into my left shin (this particular dire wolf has an affinity for the left shin. Experts are unclear why it would go for the left shin instead of the right shin, which is known to have potent healing properties, but I suppose you’ll have to just contemplate that on your own time).
Let me pop out of my narrative for just a moment because I imagine that discussion of a metaphorical dire wolf has entirely derailed my train of discussion. Why is authentication such a butt? Because, as I imagine you sensible readers know, this is where ruthless hacking and spamming can occur. In order to prevent this, there are all sorts of protocols and practices in place like OAuth, JWT authentication, refresh tokens, API throttling, to keep this from happening, but it’s a scary world. Alright let me hop back into my train of narrative.
There I was, in the metaphorical darkness, my ears bleeding for any sound of the dire wolf lurking towards me, when there, above the horizon, I saw a light. As quietly as I could, I crept toward this light. As I approached the source of the blessed warm rays of light, I heard a snuffling to my right. I was able to fling myself upon the ground just moments before the dire wolf leapt toward my left shin, eager for developer flesh.
As luck would have it, the dire wolf sailed over my body, and I scrambled toward the light, blood pumping in my ears, adrenaline coursing through my veins. The wolf must have taken a nasty tumble, because I was able to make it to the center of the wonderful luminesce. And there, shining like a beacon in the night, were the words “Amazon Cognito.” I thanked all the unknown divinities watching over my passage through the night, and looked closer at the glorious words, wondering how I might be able to use this magnificent tool. But to my horror, upon reading the fine print, I learned in order to use Cognito, I would have to give up not only my first born, but also my second born child. I sank to my knees, and wept bitterly, wondering how the universe could be so cruel.
Ok, let me pop out of the narrative again. So basically Amazon Cognito is an Authentication as a Service (AaaS) platform that handles all the various aspects of user authentication for you. This is obviously pretty great because you, as the developer, don’t need to worry as much about security concerns with respect to your application. The catch here is the “as a Service” portion of the title. While Cognito is initially free (up to like 50,000 monthly users! Dang!), after that, it starts to cost you a butt ton of money. Also, from what I can tell, it’s either difficult or impossible to transfer your user information out of Cognito, so once you start using it, you’re basically locked in. Back to the narrative.
There I was, a broken man, lying close to a source of glaring brightness. The brightness, however, had lost its cheery glow and now only cast a cold, lifeless glare over the surrounding forest. Utterly defeated, I managed to glimpse another source of light further into the forest. I could hear the wolf snuffling in pain from its earlier fall a good distance away, so I stumbled back into the dark forest towards the other light source.
I approached what looked to be a similar shining object as Amazon Cognito lying on the forest floor. Slightly squinting, I could make out the words “Auth0” shimmering up at me. Wary from my experience with Cognito, I carefully read through the pricing model of Auth0, and once again I was struck with a sense of galactic brutality as I read the Auth0 requires their users into slavery in exchange for its services. I maliciously cast Auth0 back to the ground, and hunched my way back into the forest, looking for anything.
After several more hours, I found one last source of life, “Okta.” Okta was similar to Auth0 in its terrible price, so I slumped back through the forest and eventually lay down at the base of a great tree, waiting for the dire wolf to find me and relieve me of my left shin.
Hopping out of the narrative. As you may have guessed, Auth0 and Okta are also AaaS. From what I can tell, they have more features than Cognito, but they’re even more expensive. It’s honestly egregious. Let me tell you, I’m not a fan. Hopping back into narrative.
For hours I lay at the base of the great tree waiting for the wolf. Delirious and starving, I thought I was dreaming when I heard the faint glittering of bells toward me right. As I lay there, powerless to stand, I glimpsed a glowing figure approaching me. The figure knelt down beside me, and gently placed a hand on my chest. As though I had been touched by the very hand of the divinities, I felt strength rush through my body. I staggered to my feet, and even as I watched, my arms and chest began swelling with thick cords of raw muscle. Not my legs though, because even supernatural forces can’t save you if you skip leg day.
I looked over my powerful new body, feeling my deltoids flex as I stretched my arms around my body. I looked at the glowing figure, and saw that he was hooded. From within his robe, he withdrew two swords.
“This sword is called ‘Json web token,’ and the other’s name is ‘Argon2’,” he told me. “With these weapons in your hands, not even the dire wolf will be able to stop you.”
I took the swords from him and tested their weight and balance in my hands. Even as I did so, he unsheathed a dagger and offered it to me as well.
“This dagger’s name is ‘Graphql.’ I offer this as a gift and a peace offering, for you to use it as you see fit.”
As I sheathed the dagger, the hooded figure turned away and began walking back into the forest.
“Wait!” I called, “Why have you given these to me? Who are you to do so?”
The figure turned back to me, and I could faintly see a smile playing across his lips.
“I am Ben Awad,” he said. “Freely I give you these gifts. Now go, defeat the wolf and reclaim your destiny!”
He raised his left hand, a badly scarred yet powerful looking appendage, and made a thrusting gesture towards me. I yelled out in surprise as the forest folded in around me, in a suffocating, yet potent display of sorceraical dominance.
For exactly three seconds I hurtled through a mottled darkness, unable to move even my smallest finger, but then, as quickly as it started, reality unfolded, and I found myself standing in the light of Amazon Cognito once more.
I squinted, my eyes adjusting to the bright light, and I heard it before I saw it. I put a hand over my eyes to guard against the glare, and there before me lurked the dire wolf, in deep crouch.
Even before I could prepare myself, the wolf leapt. I dodged to the right, but not before the wolf grazed my left shoulder with one of its front claws. I staggered to the side and drew Json web token and Argon2 from their sheaths.
The wolf had regained its footing and was already pouncing at me again. I was able to crouch to the side, and I swung Argon2 over my head as the wolf sailed overhead. I felt the sword thud against the wolf’s pelt just before a sickening yelp escaped the beast.
I had lost my footing when the Argon2 had struck true, and before I could get to my feet, the wolf had already turned and was hurtling back at my unstable form.
And in that instance time slowed to an ungodly creep. Twenty feet above the ground, Ben Awad was levitating, a hand held outstretched. I lowered my eyes back to the wolf, to see the monster flying towards me as though through a thick syrup. Murder gleamed both in the dire wolf’s eyes and teeth, its terrible glare fixated on my shin.
Though my arms moved at agonizingly slow rate, I drew both Json web token and Argon2 and directed them towards the wolf.
In those final moments, I could see that the wolf recognized his error. The murderous glare in its eyes turned to fear as it hurtled towards my outstretched swords, powerless to stop the inevitable.
Overhead, Ben Awad made a clutching motion with his hand, and time quickened to its standard pace. The wolf slammed into me, and I felt my swords slide through its unprotected body. The beast made a horrific gurgling noise, and then its lifeless form fell on top of me. And even as I lost consciousness from the exertion of the battle and my wounds, I knew that with Ben Awad’s help, I had just conquered the dire wolf of user authentication.
Ok, concerned readers, I’m well aware that we just hit the eighth page. This is a new record. So then, in a manner horrifically similar to high school English classes, let’s sit down and quickly unpack this. Basically, after realizing that Cognito, Auth0, and Okta were all no goes unless I wanted to do the equivalent of dropping cash off a cliff, I desperately hunted through the internet looking for ways to properly approach user authentication. After literally hours, I randomly stumbled on a YouTube video about using Json web tokens (JWT) for authentication. As you may have guessed, this video was by a lad named Ben Awad. It was a veritable bucket of gold. I’m not sure where Ben Awad works, but he’s an American Hero at the very least. His videos are really just well-distilled alfredo when it comes to clear descriptions of authentication flows and implementation. As you might have guessed, Ben Awad is the lomlofm (Love of My Life of the Month).
To keep this from going to nine pages, I’ll wrap this up by saying for the 0.5% of my readers who care about server programming, Ben Awad is your boi. Check him out, smash that subscribe button, ask for his hand in marriage, all of these are appropriate. Mahalo nui loa.