It’s not quite rolling my own auth, but the first time I implemented auth using openauthjs in Cloudflare for SemHub, it took me one week.
- I had to figure out everything from CORS to storing challenge state to setting cookies, not to mention the hundred small little things to ensure DRY and type-safety.
- The cookies bit was optional — I did not want to take the “easy path” out by using local storage. As cookies can only be stored on HTTPS, I had to do some self-signed cert thing to make local dev HTTPS and so many more shenanigans that I cannot remember anymore.
- I even found a security loophole in the library author’s own auth implementation (afaict, I don’t think he got around to fixing it).
The second time, I implemented auth on an AWS stack (the most critical difference being storing the challenge state in DynamoDB instead of Cloudflare KV) and it took me one day. This took me longer than I’d like, and the main blocker was figuring out how to pass cookies from the CloudFront router to my Lambda (many hoops to jump through).
It’s working now, I am glad. Many more happy coding days to come.