Imagine you’re working on a monolithic application that includes a home-grown authentication system. Over the years, the authentication function has received upgrades here and there to improve security and to stay reasonably up-to-date in a changing world.
Sooner or later — perhaps triggered by considering different growth paths and how best to make use of developer time — you start to recognize that your in-house Identity stack is a limiting factor:
- Integrating with partners and other technology components requires custom work
- Maintenance obligations are distracting from work on your core app
- Meeting regulatory requirements for privacy is an ongoing challenge
- Providing different access privileges to different types of end users is becoming more complicated than ever anticipated
- With every breach headline, you’re reminded of the constant need to strengthen security
Shopper Approved found themselves in a similar situation — in 2017, the company’s ambitions were outgrowing the home-grown Customer Identity capabilities of their monolithic PHP app.
With that realization, the search was for a third-party authentication solution.
Why Shopper Approved chose Auth0 by Okta
Since its launch in 2010, Shopper Approved has helped over 20,000 eCommerce brands — from mom-and-pop shops to global enterprises — generate more online trust, visibility, and conversions.
“We knew we wanted to replace our login and authentication mechanism, and we needed a solution that would ‘tango’ with our Laravel front-end templating engine,” Christopher Budge, Shopper Approved’s CTO recalled, “but we didn't know which direction we wanted to go in.”
“The Self-Service pricing was really attractive to us. The other providers that we found were prohibitively expensive for what was initially an experimental project, and not a lot of them had the adaptability that we needed to integrate into our existing application.”
– Christopher Budge
CTO
Shopper Approved
While searching online for ideas and options, Budge came across Auth0 — and, in particular, the Self-Service plans.
“The other providers that we found were prohibitively expensive for what was initially an experimental project, and not a lot of them had the adaptability that we needed to integrate into our existing application.”
The Self-Service option gave Budge and the wider team plenty of time to perform due diligence. “We looked for a long time before ultimately deciding upon Auth0,” he shared. “The more I dug into it, the better it looked.”
The ability to explore the solution in a hands-on manner, without a commitment, helped the team to make an informed choice. Budge explained that:
“I got together with our technical lead and programming contractor, and they started playing with it — and then they said, 'Yeah, we think this is going to work.”
– Christopher Budge
CTO
Shopper Approved
While every organization’s Identity journey is unique, here’s how Shopper Approved implemented Auth0.
Migrating Users from the Legacy System to Auth0
No matter how much preparation is done, a migration is always a nervy thing. As it turns out, those nerves were unnecessary — Shopper Approved’s migration from their legacy, home-grown authentication system to Auth0 went off without a hitch.
Budge recalled, “We weren't sure how well our system would adapt to having its old authentication system ripped out and something new put in its place, but the migration actually exceeded expectations. Within 24 hours, we were able to ingest our entire user database into Auth0 and have them set up as users able to log in.”
However, migrating users was simply the foundation for modernizing the experience for Shopper Approved’s customers, with Budge adding, “The universal login allows for such a smooth application login and flow. And our marketing team has really appreciated the customization and branding options that allow us to deliver a better customer experience.”
Letting quickstarts guide the way
One of the first things Budge’s team did was explore Auth0’s step-by-step quickstart guides to get a feel for the overall migration process.
“The quickstart guides were dead easy. Plus, between your host documentation and the notes in GitHub, it’s really, really easy as a developer to figure out ‘where am I and where do I need to go?’” and ‘What’s next?’”
Leveraging SDKs
SDKs reduce the developer effort required to implement specific use cases, and Budge’s team found exactly what they needed among Auth0’s 40+ SDK libraries.
“Your SDKs are written really well, and your APIs are documented really well. So, code-wise, it’s extremely easy to interact with the platform — you can get going and don’t really have to think hard about it.”
Building User Profiles
User data can come from many sources, including your own databases as well as social, legal, and enterprise identity providers. Some examples include Google, Facebook, Active Directory, and SAML.
In Shopper Approved’s case, there was an added complication — practically every user profile that had ever been created in their system still existed, and collectively, many of these profiles had inconsistent and incomplete data. But, perhaps counterintuitively, the upgrade actually presented an opportunity to clean up the user database. Budge’s migration script identified existing user records that were poorly formatted, allowing the team to quickly correct any issues — ultimately improving the overall structure of the company’s user data and laying a strong foundation for efficient scalability.
“The way your user profiles are set up — they’re just really easy to understand, manipulate, and customize. The data structure was easy to map to what we had and what we needed.” Maybe even more importantly, Budge recalled that “It just worked. When we were playing around with it, we saw that it does exactly what your documentation says it does.”
Innovating With Identity: Exploring Passkeys
The Identity domain is always evolving, with new specifications, standards, and regulatory requirements frequently appearing.
Unsurprisingly, one of the reasons why Budge was so eager to introduce a leading off-the-shelf solution was that it would allow the company to keep pace with these changes — while at the same time allowing the team to apply their finite resources on their core value proposition. In short, he knew that choosing Auth0 meant that Shopper Approved’s CIAM needs would be met today, tomorrow, and as far into the future as he could imagine.
Like many CTOs, Budge had closely been following passkeys — FIDO credentials that are discoverable by browsers or housed within native applications to enable — and was excited by their potential to provide a highly secure and very convenient user authentication experience.
“I’ve been watching passkeys for a long time, and — literally the day I got the announcement that they were available — I jumped right in. We really enjoyed rolling them out early to our organization, and we’ve had zero issues. And it’s great that we didn’t have to build passkey support ourselves!” Christopher Budge
Enjoying Ongoing Value
Budge’s hopes for lower support and maintenance obligations have come to fruition. “We have not had to spend a single development hour at all on user authentication and login — it's never failed, and it's never broken.”
Similarly, the upgraded security is evident.
“We've had many security researchers and penetration testers try to break in. Every time they run smack-dab into Auth0.”
“We have not had to spend a single development hour at all on user authentication and login — it's never failed, and it's never broken.”
– Christopher Budge
CTO
Shopper Approved
Get started in minutes — for free — with no humans (other than yourself) required!
We’ve always tried to make things less complex for developers, which is why our Self-Service plans allow you to create a trial account with nothing more than an email address. During your 22-day trial period, you can create a simple app, configure its look and behavior, and explore the Auth0 solution in detail — giving you plenty of time to really get your hands dirty.
Plus, anyone using our products can take advantage of resources including quickstarts, 40+ SDKs, detailed guides, and extensive (but easy-to-follow) documentation to help get started and implement a strong Customer Identity function.
In fact, with only a few lines of code, you can have Auth0 integrated into any app, written in any language, and in any framework.
Try for free and see for yourself.
About the author
Calah Vargas
Associate Manager, PLG