Hacker News new | ask | show | jobs
by ahachete 1140 days ago
> Many of the core features are open source.

Out of the 15 features I see in https://supertokens.com/pricing, 7 are only proprietary. That's roughly half of them. Without qualifying the weight of every feature, it numerically raises a significant challenge to your statement.

SAML, OAuth and 2FA strike me as key components for me that are not open source.

---

So I stand by my words. I feel put off by a wording that makes me believe a project is open source, when it is open core. Even if you don't like open core or argue the definition is not clear (which I'd disagree), at least marketing it as open source so prominently is IMO misleading, and puts me off (and apparently I'm not alone here).

It's fair to have a business model on open source (obviously!) and I wish you all the luck. But being honest about your business model choices should be the #1 tenet.
1 comments
advaitruia 1139 days ago
|| Without qualifying the weight of every feature, it numerically raises a significant challenge to your statement.

Well i think that is the only thing that matters.

If I split all auth methods into the 6 different features it really is, then it becomes 13 free features.

The ones listed as not open source is to indicate what we plan to build for our paid offering. If we removed those and 13/13 were open source, would that change your views? If yes, then that qualification is pretty important.

SAML client and OAuth client are both free. You can add auth with any OAuth 2.0 provider to SuperTokens.

Being an OAuth 'provider' (emphasis) is not open source as it is a feature you need for complex use cases.

You can add 2FA with email or SMS in the open source product too (just requires some customizations and overrides)

link
ahachete 1139 days ago
> Well i think that is the only thing that matters

It's not the only thing that matters. It may matter more, but not all. Yet since I'm not your CPO/CMO I won't get into the effort into analyzing their weights ^_^

> SAML client and OAuth client are both free. You can add auth with any OAuth 2.0 provider to SuperTokens.

I'm not denying what you say, but in your pricing page I read:

* "SAML Auth" --only proprietary version

* "2FA" --only proprietary version

so if they are open source, this feature naming is confusing.

We can go back-and-forth debating the merits of the non-open sourced features. But that doesn't change the gist of my comment: you are advertising something as Open Source, where only a fraction (big or small) is, and I consider this misleading. At least for me. I find it more honest to remove that prominent Open Source calls and instead replace for less prominent comments about part of your software being open source (which is fine and great!). But this is just my 2 cents, take them or leave them ;)

[Edit: formatting]

link
advaitruia 1139 days ago
Agreed on feature naming - will fix!

Also I definitely understand your perspective and it makes sense. SuperTokens still is 100% open source - but you are right, as we evolve into a paid offering, there is scope for improvement

link
simplotek 1138 days ago
> Being an OAuth 'provider' (emphasis) is not open source

Being an OAuth provider is precisely what everyone expects from a self-described "open source authentication service". If Supertokens does not support that out of the box, it should not really be called an open source authentication service.

I understand you want to capitalize from your work, but I feel this is a gross misrepresentation of a project.

link