using an actually trusted and secure auth provider
rolling my own auth
?
https://dev.to/devlawrence/should-you-really-roll-your-own-auth-4dj
