by unscaled 482 days ago
Auth0 is owned by Okta, not the other way around, and it used to be an independent company. I don't particularly like the way Auth0 works (like only supporting JWT for access tokens), but as far as I know they have not been impacted by the Okta hacks.

I don't think startups that went with Auth0 or AWS Cognito are necessarily "doing it wrong". It's a question of resources and focus. Writing your own authentication solution requires some expertise (especially if you're basing it on OAuth), but there are mature frameworks like Passport (for Node.js/Express) and Devise (for Ruby on Rails). You still need to be careful when setting up these things (there are so many authentication options for Passport.js that some of them are bound to be bad), but it's better than rolling your own. Unfortunately, I'm not aware of anything at this maturity level for Rust.

Side note: Not everything that's out there and mature is easy to use correctly. Keycloak is probably more of an Okta than an Auth0, in that it is focused on the Enterprise world. It's extremely flexible, and I'm sure you can build secure and performant setups based on Keycloak - it's just that I've never seen one, and I've seen quite a few Keycloak setups.

1 comment

To replace Auth0/Okta you really need something like Passport.js and something like Keycloak. I maintain a decent list of Keycloak alternatives here:

https://github.com/lastlogin-net/obligator?tab=readme-ov-fil...