Is Clerk a good choice to build a real auth management?
I want to give Clerk a try.... as you know auth-js is still in beta mode. is Clerk a good choice to be flexible and free from unexpected bugs?
7 Replies
Clerk is good, one of the best auths provider imo
Except you have to pay for other auth features
Good for personal projects
There also superbase and Auth0 etc
My current stance is to start any project with clerk and replace only once proven it does not fit the project. It is so easy to start with, it'll allow you to focus on other parts of the initial coding.
I want to add it for a company product but I’m still confusing to use it. I do a quick poc and I recognize that it’s storing users in clerk dashboard is that safe?!
Yes Is so true
I'd say it's common question regarding any external auth provider. But this is also much more complex topic than you'd wish. It is storing them outside. True. How much of that info is stored there depends on your config. They are a company focusing on auth, so I'd guess their own storage is much safer than 90% of code people write to manage users in own database. It is still an additional attack vector in theory, so you'd have to accept that risk, even if it is very small. Another thing is legality. Different countries have different law requirement regarding where user data is stored. The same goes for company policy.
To sum it up - you need to check these things out with your company requirements and lawyers if you want to be thorough.
Personally, I do accept the small risk coming from externalizing user data storage. On paper that is added risk, which is probably countered by a fact, that people doing auth know more about implementing it safely than any average dev.
Thank you for this clear answer 🙏👍
Be sure to add solved tag if you are happy with the answer 😉
Sure