Hacker News new | ask | show | jobs
by benjaminjosephw 1366 days ago
So it turns out that when you outsource auth, you also outsource some of the governance on who can access your platform.

Isn't access control a set of patterns rather than a service? When did it stop being a core competency of web applications?
3 comments
viraptor 1366 days ago
I think you're missing the point of okta. It's not for access control to your specific application. It's for companies to deal with many groups of users and on/off boarding easily.

It transforms "Andy is andy@foo on service A, AndyA on service B, aaaandy on service C, maybe has two factor enabled on some of them and hopefully hasn't joined other groups to give them access" into "Andy is andy@company in Okta and we can turn services on/off and set policies as needed".

link
mschuster91 1366 days ago
> When did it stop being a core competency of web applications?

Turns out, login is surprisingly hard. It will be the first and most important focus point for attackers - SQL injections, DDoS attacks, captchas, griefers intentionally using wrong passwords to lock someone else out... with Okta and other products of its kind, all an application developer needs to do is to check some token.

Another huge part is that in the "old" world there was only one player for any kind of centralized authentication: LDAP. While there were and are multiple LDAP server implementations (OpenLDAP, MS AD, Samba and a bunch of smaller ones), only Microsoft's AD has a somewhat comfortable and usable management application - but even that is using old-school Windows UI and you need a MS desktop to manage it. Everyone else? Either use Apache Directory Studio, some barely working web management UI (phpldapadmin, GOsa) or heaven forbid plain LDIF files.

In contrast, working with anything of the "modern authentication" solutions is a breeze.

link
pelagicAustral 1366 days ago
I’m curious to know if there are any oss alternatives for similar services.
link
wg0 1366 days ago
Ory, Keycloak, Authelia and bunch of others come to mind if that's exactly what you're looking for.
link
nailer 1366 days ago
If you just need oauth2 + openid connect, you can install a library from your Open Source package repository of choice.
link
dt3ft 1366 days ago
keycloak
link