Self Managed Auth (Ditch Auth0) #53
Comments
|
Some good points here 🙌 I think the primary pain points are short-lived sessions and data ownership. Registration links would also be great. Even though Auth0 turned out to be a poor fit, I am still in favor of using a dedicated provider for handling auth. The lock-in and policy restrictions might simply be solved by self-hosting instead of using a managed solution. That will hopefully give us a more flexible system without sacrificing the benefits of an existing solution designed and maintained by smarter people 🙃 By following existing standards it will probably be easier to integrate with any foreseeable clients as well. That being said, building a custom solution is still a valid option. Maybe our case is just so simple and niche that it's the most viable one. But I want to give the existing solutions a fair chance first. Rolling our own auth is not a walk in the park... To kick things off: Keycloack is worthy of investigation. Well-established, open, maintained by Red Hat and compatible with e.g. NextAuth.js. |
|
I am neutral as to whether we self host or use a dedicated provider, as long as the pain points of Auth0 gets resolved 😛 The most important thing is to enable data ownership, so that we in the worst case can move solutions if the one we go for has some new pain points. It is so annoying to tell all the users to set new passwords every time we switch providers. 👀 |
|
Auth.js (formerly NextAuth) seems pretty cool 🚀 |
|
Not sure I am a fan of their official docs tho, where they suggest you install the beta version 🔫 |
|
Supertokens seems like a cool alternative to Keycloak https://supertokens.com |
It would be really cool to manage auth ourselves, and not depend on Auth0s conventions and pitfalls. Handling this ourselves has multiple benefits:
Feel free to use this issue as a discussion board/idea list for the new auth solution.
The text was updated successfully, but these errors were encountered: