Hey everyone! A year ago, I launched my first website—a Tekken 8 statistics site—which has been getting some decent traffic with around 100k monthly active users according to Google Analytics. I'm now looking to add user authentication and accounts for some new features, but I'm feeling a bit stumped about where to start.
I've been exploring various authentication options like Zitadel, Keycloak, Supabase, Firebase, and Pocketbase. Right now, I'm torn between Keycloak, Supabase, or just rolling my own solution using Spring Security. However, I've heard that building my own authentication can lead to security issues, and I want to avoid that.
Given that my site runs on VPS boxes, which option would make the most sense? I'm particularly concerned about keeping costs down. Supabase is appealing since they offer 50k users for free, which seems generous, but I'm unsure if I'll ever reach that many users.
If you're interested in checking it out, here's my site: https://www.ewgf.gg/. I'd really appreciate your thoughts on the best approach to take. Thanks a bunch!
4 Answers
I’ve used Supabase, and it's really easy to set up. They support magic links for login, which can enhance user experience. Definitely consider it if you're looking for something turn-key.
Honestly, for a site like yours, managing your own authentication isn't as risky as it might seem, especially if you follow best practices like hashing passwords. Spring Security would work perfectly for your needs! Just keep in mind that using a third-party service can add complexity and costs, especially if they have outages or security breaches.
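One way to apply the "hash passwords" advice above with Spring Security's own encoders, as an added example that is not from the thread or the site's code: it stores bcrypt hashes through `DelegatingPasswordEncoder` and re-hashes on a successful login once the configured cost has been raised. It assumes `spring-security-crypto` is on the classpath; the class name, helper names, cost values and sample password are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordHashingDemo {

    // Builds an encoder that writes "{bcrypt}..." hashes at the given cost.
    // The "{id}" prefix lets the algorithm be swapped later without a schema change.
    static PasswordEncoder encoderWithCost(int cost) {
        Map<String, PasswordEncoder> byId = new HashMap<>();
        byId.put("bcrypt", new BCryptPasswordEncoder(cost));
        return new DelegatingPasswordEncoder("bcrypt", byId);
    }

    // Returns the hash that should be stored after this login attempt,
    // or null when the password is wrong. Only the hash is ever persisted.
    static String verifyAndUpgrade(PasswordEncoder current, String raw, String stored) {
        if (!current.matches(raw, stored)) {
            return null;
        }
        // True when the stored hash uses a lower cost (or another scheme) than
        // the current configuration: re-hash while the plaintext is in hand.
        return current.upgradeEncoding(stored) ? current.encode(raw) : stored;
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample

        // Account created while the site was configured with cost 10.
        String stored = encoderWithCost(10).encode(password);

        // The site later raises the cost to 12.
        PasswordEncoder current = encoderWithCost(12);

        String afterBadLogin = verifyAndUpgrade(current, "wrong guess", stored);
        String afterGoodLogin = verifyAndUpgrade(current, password, stored);

        System.out.println("bad login rejected: " + (afterBadLogin == null));
        System.out.println("hash re-written:    " + !stored.equals(afterGoodLogin));
        System.out.println("new hash verifies:  " + current.matches(password, afterGoodLogin));
        System.out.println("needs upgrade now:  " + current.upgradeEncoding(afterGoodLogin));
    }
}
```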
With your traffic, I'd advise steering clear of SaaS options like Supabase or Auth0 because those bills can blow up once you surpass their free tiers. Stick with Spring Security; it's secure, free, and works seamlessly with Java. It's the standard in the industry and fits your current setup well.
I’m a fan of Supabase too; it pairs nicely with Next.js. Just be sure you run the numbers on costs before you commit—especially since you’re already on a VPS. Rolling out your own backend isn’t too hard, so that might simplify things.

Thanks for the tip! I’ll definitely look into the cost analysis before making a decision.