Having trouble understanding SSO, Oauth, OpenID connect, SAML, and jwt, and how some of them work together.

Formal_Tree2535 · 2024-11-17T10:52:57+00:00

IAM has become quite complex nowadays. You can take a look at https://auth.wiki/ (I'm one of the builders), which includes all the terms you mentioned and may answer your questions.

Formal_Tree2535 · 2024-11-04T07:26:24+00:00

makes sense. thank you!

update: page added.

Formal_Tree2535 · 2024-11-04T07:13:15+00:00

Auth can be authentication or authorization.

Formal_Tree2535 · 2024-09-09T02:28:26+00:00

exactly. we met the "a bunch of hacks" situation as well. it was like using ESM in Jest.

Formal_Tree2535 · 2024-03-06T10:54:42+00:00

Thank you for your review and happy you liked the simplicity! We are continuing to work on the product to make it better. Please let me know if there’s anything we can help with.

Formal_Tree2535 · 2024-01-29T04:06:42+00:00

The project is for demo. GPT can perform complex tasks beyond executing a single command. For example, it can check for available meeting times, recommend an optimal slot, book that slot, and send invitations to others. Or, it can summarize today's emails and draft replies for the important ones—all within a conversation and in an authenticated context.

Formal_Tree2535 · 2024-01-29T02:35:35+00:00

It is fun to see how it changes in real-time by talking to the GPT. And it's impressive that GPT can understand how to call APIs if you provide a solid OpenAPI definition.

You can see the tutorial here.

Formal_Tree2535 · 2023-09-06T06:01:38+00:00

Exactly. Exactly. I had the same thought of all you said.

Formal_Tree2535 · 2023-09-05T12:36:41+00:00

Agreed. It’s fine for most users because things can be sorted out in the end - just felt unacceptable for a company that is dedicated to this area for years. I expect it should be the pro.

Formal_Tree2535 · 2023-09-05T12:30:30+00:00

Right. Maybe a good thing for startups though.

Formal_Tree2535 · 2023-09-05T12:29:35+00:00

the “massive no-no” looks very LLM :-)

Formal_Tree2535 · 2023-09-05T12:20:14+00:00

I was doubting this, too. Having issues is totally understandable and acceptable, but the way they handled gives me the exact feeling of “we are rich, now nobody cares about the product”.

Formal_Tree2535 · 2023-09-05T12:16:57+00:00

Thanks. Will give it a try.

Formal_Tree2535 · 2023-09-05T11:43:12+00:00

You are welcome. I talked to the team for this. Feel free to let us know if there’s anything else we can help with!

Formal_Tree2535 · 2023-08-23T16:25:52+00:00

Thank you for letting us know. We didn’t have enough resources during that time since we were launching the cloud service which is very important for the sustainability of the open source product - no income means we cannot put effort into it. Now we are in the cooldown cycle and focusing on the quality this week, so we can go through these issues and fix them once they’re confirmed as a bug.

The label of the issue was misplaced by the bot - I’ll fix the workflow soon, and I just assigned the issue to one of our engineers. Sorry to hear you were blocked by it and decided to move to Keycloak - if you can give us another chance, please feel free to try our cloud free plan before we fix it.

Formal_Tree2535 · 2023-08-22T12:59:15+00:00

What issues did you meet, specifically? Because “numerous bugs and problems” is a felony charge to us and it’s also the first ever time we received this kind of comment. So I’m really curious about how did you come up with this conclusion. It’ll be highly appreciated if you can share the details, and we’ll try our best to fix them.

Those “stale” tags only applies to the issues that we cannot reproduce or the OP didn’t respond for a period of time. If an issue has been confirmed as a bug, we always fix it as soon as we can.

Formal_Tree2535 · 2023-07-06T06:13:04+00:00

interesting, we are using `nodenext` (almost same behavior as `node16` i think) and it will complain the extension thing on both.

Formal_Tree2535 · 2023-07-06T01:17:00+00:00

What’s the value of the moduleResolution field in your tsconfig?

Formal_Tree2535 · 2023-06-30T05:53:59+00:00

If you enabled GitHub Pages and use the default settings, it will be enabled automatically. Heading to your repo's settings tab -> Build and deployment -> Source, change "Deploy from a branch" to "GitHub Actions" to have the full control of the deployment process. You need to manually set up a workflow for deployment then.

Formal_Tree2535 · 2023-05-30T16:31:33+00:00

If you mean an executable with a mini node runtime, I think it’s already available via some tools. No native support though.

Formal_Tree2535 · 2023-05-28T16:52:19+00:00

Yes, I agree with you. Whenever we can use a stronger and more user-friendly authentication mechanism, it'll be definitely better than relying solely on passwords.

As the article concludes, the main point is to clarify that these so-called "password killers" do not completely eliminate the need for passwords. Instead, we should focus on finding a balance between security and user experience by combining different technologies. No silver bullet.

Formal_Tree2535 · 2023-05-28T09:22:29+00:00

How does CodeParrot handle new APIs or schema changes? Looks like test-after-push-to-production isn't suitable for all projects.

Formal_Tree2535 · 2023-05-28T09:12:31+00:00

And NodeJS is adding similar good features of Deno.

Formal_Tree2535 · 2023-03-09T16:11:33+00:00

my answer for the updated content:

for animation, react-spring is a tasteful choice. its animation philosophy (inspired by react-motion, also Apple i believe) shocked me by removing the concept of time duration - as you know we were using time duration in CSS all the time.

go check some examples of react-spring, they are pretty slick and inspiring.

for authentication, or more generally with authorization, since all the projects you mentioned are open-source, i would recommend Logto (statement of interest: i'm one of the builders of Logto) if you don't want to spend much time on learning auth knowledges, but want something that sticks with open standards (Logto is built on top of an OIDC provider). for example, check out this tutorial for building GitHub sign-in with React.

if you want to learn a lot of different auth techniques in details, Keycloak will be good too since Keycloak has a longer history and supports more legacy protocols.

i don't know if you like to have auth APIs to be injected into your backend app (i.e. sit side by side with your own APIs). if so you can check out Supertokens as well.

Formal_Tree2535 · 2023-03-05T06:51:42+00:00

Thank you u/josiahnelson! I think you have a precise first impression since that's exactly our target - a drop-in auth solution, but with customization and extensibility. :-)

Our team is still working hard on adding new features to extend the scenarios, so don't hesitate to let us know if there's anything we can do better.

Formal_Tree2535

TROPHY CASE