[mffap]

ZITADEL would be a good choice if you have multiple tenants and want delegate things like access management and configuring auth per tenant in self-service - that part comes out of the box with ZITADEL and could save you quite some development. I wanted to throw that in, because for the authentication part most solutions would match your requirements, but keep also authorization and auditability in mind.

That being said with ZITADEL you can also move between self-hosted and cloud: https://zitadel.com/docs/guides/migrate/sources/zitadel

ps: I'm biased (see bio).

[nik2303]

I played around with Zitadel. It looked a bit too confusing with too many UI options in it. My tech stack is this: React on frontend, NestJs on backend, React Native for mobile app (this is currently not in scope, so my playground at the moment is web app and backend).

Then I went to structure the Zitadel like this: 1 Organization has -> 1 Project has -> 2 Application.

Applications: - 1 User Agent (this I use on React side, I guess?) - 1 Web app (this I use in NestJs, I guess?)

And both applications have PKCE flow as Authentication Method. Then I check the API for application type and it has only Private JWT authentication method.

Can I have then 1 Web App/User Agent and 1 API application? or 1 Web App and 1 User Agent?

And if I use API application with private key JWT, what should be the auth method for other application?