AuthFlow.net

For much of 2024-25, I was building a WebRTC-video-based and ChatGPT-integrated dating app, and it was ~5x more complex than its offspring, AuthFlow (especially the RTC peer-to-peer negotiation JavaScript, with its many-to-many data models, which required elaborate end-to-end testing, to say the least). That said, my co-founder's and my dating app kept getting hacked, no matter how many times I’d rewrite/retest and re-vet/re-silo its entire stack. Its authentication was the most security-sensitive aspect of the app, which we couldn’t seem to keep in production very long without having to thwart increasingly complex attacks on our infra, and at some point I realized: what was I actually working on most successfully (and much more consistently than the WebRTC aspects of said app, which, although complex, were solid) amidst all of this? It was the authentication parts of the product, which our angel investor and I had now gotten VERY hardened in production.

So finally, when we ran out of funding–no runway remaining for the very large-scale product’s advertising to potential daters within a reasonable budget–it occurred to me: our authentication is literally more secure now than any auth I’ve ever written (or even the auth integrated from Auth0 et al. in earlier versions of said dating app, which, since it’d kept getting attacked simply for being a dating app we’d integrated [so apparently], had caused me to revert to simply writing our own auth, and hardening it significantly). With not many other options remaining, I “made lemonade from lemons” and went back to said investor–a retired Emergency Room doc–and told him, “Hey Doc, we’ve still got something here, even though the video app keeps proving a no-go.” That’s how AuthFlow was born, and it’s the least consumer-developer-expensive, simplest, most secure authentication PaaS we know of for email/password token auth.

After years of wiring upstream authentication providers, for example more complex auth models such as OAuth or SSO/SAML/FedId, it’d finally occurred to me: why do all these platforms not simply follow “KISS”–Keep It Simple Silly–and just offer a simpler, lower-subscriber-cost-modelled, super-easy-to-integrate RESTful API for doing “no-brainer” developer JWT token auth? “Et voila,” AuthFlow!!

If you’re a web developer like me, and you’d like to skip the hassle of writing your own authentication TODAY, we’re starting at $1.99/month (that’s ONE DOLLAR, 99 pennies), so check us out! Not to mention our algos use all the highest keyspaces. Have you ever struggled with tech support at Auth0 or Supabase, where it’s seemingly impossible to get ahold of a human developer for upstream security updates? With AuthFlow, that’s me–when I see a CVE, I make the code change to keep us secure, zero-day–or when NIST (National Institute of Standards and Technology) pubs a new standard on more secure crypto, I simply hot-deploy the update then and there, keeping your products’ users secure–no red tape!! (Also, another great reason to use AF: when we grow, we may even be hiring.) 📌