Pick an auth mechanism

[srid]

• [ ] Research and pick one
• [ ] Should we go https only (unless --allow-insecure-http)? Esp. if using basic auth or cookies

  Options

• Mozilla Persona - Unfortunately it is not suitable for mobile browsers.
• Cookies - Use SSL sitewide, and then use your framework's standard session tracking. (ref
• Auth0 (subscription)