Thursday, August 8, 2024

New top story on Hacker News: Launch HN: Stack Auth (YC S24) – An Open-Source Auth0/Clerk Alternative

16 by n2d4 | 4 comments on Hacker News.
Hi HN! We're Zai and Konsti, and we're building Stack Auth (https://stack-auth.com/), an open-source managed authentication and authorization platform. Basically, we build your login and signup pages, and everything that comes with that. Our GitHub repo is at https://ift.tt/fNJaOrz , and there’s a zero-budget demo video here: https://www.youtube.com/watch?v=LTkjdPf2E2Q

Stack Auth was born out of years of frustration with the incumbents. We wanted to build something that is developer-friendly and open-source at the same time. The dominant player in this space is Auth0, who appeals to enterprises but lags behind in developer-friendliness and has strong vendor lock-in. A newer one is Clerk, which markets directly to devs, but is still entirely proprietary. Open-source solutions like Supabase Auth or Auth.js/NextAuth are only authN, and don't provide the rest of the toolchain.

On the other hand, building your own auth infrastructure is tedious work. Rolling your own crypto is already hard enough, but on top you'll have to deal with OAuth flows, access tokens, RBAC, permission syncing, API keys, and so on. Most handcrafted OAuth or password-based applications in the wild are vulnerable in at least some of these areas.

To us, the solution to this was obvious, so we decided to build it. Stack Auth is 100% open-source, licensed under MIT and AGPL. You can self-host, or choose to use our managed hosting. If you choose the latter, there's no lock-in. You can export all your data and/or start self-hosting at any time.

Also, we're more than just authentication — we have authorization (orgs, teams, permissions, RBAC) and user management (impersonation, user dashboard, webhooks). One interesting feature is what we call "connected accounts": we can manage and refresh your OAuth access tokens even for services that your users don't use for sign in, such as when accessing Gmail or OneDrive APIs. We also have a bunch of components for sign in, password reset, and organizations.

For now, we only support Next.js frontends and backends in any language with our API, though our REST API docs ( https://ift.tt/NcT7jDv ) also contain the client endpoints, and some contributors have been building frontends for other languages.

For more info, check out our GitHub repo above, or our documentation ( https://ift.tt/FWGmva8 ).

Would love to hear about your own stories and opinions on auth. Also really curious to hear from anyone who's using one of our competitors and what aspects it would take for you to switch. Thanks all!
