Pit Rho has been a Stormpath customer for over a year now and we’re excited to share this post on their experience from Founder and CTO, Gilman Callsen.

Pit Rho was founded in late 2012, initially focused on building strategy software for motorsports. Since then, we’ve expanded to building other machine learning-based products along with providing machine learning and data science consulting. As a side project, we put together a fantasy NASCAR website. We didn’t want to deal with all of the authentication stuff again… and that’s where Stormpath came in.

Using Stormpath for our NASCAR fantasy site was so incredibly easy that it just became our de facto standard. If you need authentication, I have found no other mechanism by which you could get a site up and running as quickly as you can with Stormpath.

What we learned from building user management in-house

My co-founders and I are all entrepreneurs who just happened to walk into the world of NASCAR. Being a bunch of nerds, we looked around and saw data floating around but nobody doing much with it – that’s where our first product came from.

That first product we built was an Enterprise application with a small number of users. We built it from the ground up, including our own authentication system.

My co-founders and I had all gone through the process of building authentication from scratch at least once before. It’s a pain, and one of the things you realize, if you’ve done it a few times, is that you don’t actually know what you don’t know, particularly as it relates to the security implications. Because we’re not focused on security 24/7, I certainly don’t feel confident that I’m up to speed on all the latest vulnerabilities or how to best protect our users.

Not only is authentication just a pain to get working, but even though most frameworks have some form of authentication, it still ends up taking a decent amount of time and there is a lot of room for error.

Secure user authentication for our clients

Now, we have the fantasy application that’s using Stormpath and we’ve started using Stormpath for other customer applications, including for a customer in the IoT space. Their user count is still low, but it’s expected to grow and we’re going to continue to use Stormpath as it does.

Not only do we rely on Stormpath for user registration, authentication, and things like password recovery but we also heavily utilize Stormpath’s customData resource. After a user has already been authenticated into our application, customData makes it really flexible for us because we can add on a lot of metadata related to a person that we don’t have to deal with managing in a database.

For example, on our NASCAR site we use Stripe to manage payment information. We then store what membership level a customer has paid for in their account’s customData in Stormpath. That way, not only are we getting out of the business of payment processing, but we also don’t have to try to store all of that subscription information in yet another system—Stormpath does it.

User management in Python and Flask

We’re integrated with Stormpath’s Python integration for Flask, Flask-Stormpath. Over the past couple of years, we’ve contacted the Stormpath team with questions and feature requests and we’ve been impressed with the responsiveness of the team.

For us, the hardest part of integrating Stormpath was teaching ourselves the organizing principles the API uses: applications, organizations, directories, groups, accounts. That requires a little bit of a learning curve, necessarily, because what you’re doing is fitting yourself into that organizing principle, which may or may not be congruent with how you thought about user accounts in the past. Once you get that, the integration of Flask-Stormpath, for example, took no time at all.

To those who have never done authentication on their own, I say go look at the Stormpath documentation, see how they do it, and at a minimum, test it for yourself to see how quick it is. For those who have tried to roll your own authentication system, think about all the pain and time you’ve spent not only on setting it up and getting the models correct, but also on doing the user registration, social login, password reset, all those little details that are simply required these days. All those features are already baked into Stormpath, right out of the box. The devil is in the details with user management and Stormpath just makes it really easy.

Thanks Gilman!

We’d love to have you take Stormpath for a test drive, just like the team at Pit Rho did. You can register for your free developer account right here, or check out these resources for more information: