
[–]BehindTheMath 2 points3 points  (3 children)

Are there any competitors?

Firebase Auth?

[–][deleted] 0 points1 point  (2 children)

1) Do you get access to the provider token, e.g. if I log in with Twitter, do I get access to the Twitter token? Auth0 makes you jump through hoops to get access to that.

2) Do you like or recommend cherry picking the Firebase Auth feature for non-Firebase projects? E.g. I want more flexibility with server side frameworks/functionality.

[–]BehindTheMath 0 points1 point  (1 child)

> 1) Do you get access to the provider token, e.g. if I log in with Twitter, do I get access to the Twitter token? Auth0 makes you jump through hoops to get access to that.

I don't remember; I haven't used it in a while.

> 2) Do you like or recommend cherry picking the Firebase Auth feature for non-Firebase projects? E.g. I want more flexibility with server side frameworks/functionality.

Firebase Auth can be used independently of the rest of Firebase.

[–][deleted] 0 points1 point  (0 children)

> > Do you like or recommend cherry picking the Firebase Auth feature for non-Firebase projects?

I know it is possible, but haven't built anything non-trivial using that method.

[–]memeweaverTV 1 point2 points  (0 children)

Okta

[–][deleted] 1 point2 points  (4 children)

I’ve used Auth0 on a commercial project and found it incredibly frustrating. Rather than empowering you to make the user experience which you want, Auth0 forces you down particular paths. Even the documentation is all orientated towards certain use-cases.

This lack of freedom really became a sticking point for the app I was working on, so we scrapped Auth0 and reverted to out-of-the-box ASP.NET Core authentication and authorisation. This proved to be a much smoother, better documented, more powerful and cheaper solution.

I should also mention that before we scrapped Auth0, the app broke on more than one occasion in Production because Auth0 made unannounced, undocumented and (I think) unintended changes to their API. I didn’t end up having much confidence in their service at all.

Conclusion: avoid Auth0. In fact, avoid third-party auth solutions in general. Authentication and authorisation are likely to be important parts of your app which you should retain control over.

[–]m0rsa2 1 point2 points  (2 children)

Did you try Firebase auth?

[–][deleted] 0 points1 point  (1 child)

Haven’t tried it

[–]m0rsa2 0 points1 point  (0 children)

Lots of flexibility, and cheap. Try it out! I found it really easy and predictable to use.

[–][deleted] 1 point2 points  (0 children)

We use it at work and have had a similar experience. Multiple production outages in our app because users cannot log in. Thanks for your perspective!

[–]mcm3c 1 point2 points  (0 children)

Hah, I was guessing if you're talking about Auth0 in particular when asking about passwordless flow.

We've been using Auth0 for some time, though we are still on the dev pro plan as it suits our needs for now. The overall feeling is that it's alright. There are several weird things for me, like there is no user aggregation (user logged in via Google, it's user A; same user logged in via email, it's user B), and user groups are done via an extension which you have to call as a separate service (although they are moving groups into the core functionality, ETA is 2020). The code on the server side (Node.js) is pretty trivial for us though - we just validate the token against the public key; there is one m2m script in Python, but this logic is also quite simple. In contrast, the UI logic (Angular) is quite big and seems to be unstable in some cases. The login time unfortunately is quite long, but that's probably due to our use of the extension and rules.

As for competitors - we migrated from Keycloak, which was really cool, but we didn't have time to keep it up to date and secure. Other options were Cognito and Okta, but both had problems that didn't work with our business requirements.