With Auth0, if a developer wants to allow users on the web or on mobile to log into Facebook, Twitter, and other social platforms, they can just integrate with Auth0, which will allow the application to use multiple identity systems, while the developer doesn’t have to worry about the underlying infrastructure.
@kwdinc This is Jose, from @authzero, thanks for your very accurate comment and description!
Besides the social login, one of the most interesting aspects of using Auth0 in a Software-as-a-Service offering is that you can easily onboard enterprise customers.
Typically, companies do not use social logins because employees quit or they are fired, and you don't want to revoke access to every software you use. This is the main reason that most companies will usually want to use their own directory on every application.
In a world where most software is moving from on-premises to the cloud, Identity is the new firewall.
https://auth0.com/why-auth0
We have a similar offering at @hull. Some developers think of it as a core feature they could never outsource, others are more than happy to not have to dig into this. Really polarized opinions though.
@rdardour yes, I've seen similar reactions. It's not that difficult (on the surface) to do username/password or FB logins. But then you add Twitter, and then account linking, and profile normalization, and wait... passwords need to be hashed, right? What was the algorithm for that? And then you add SAML and LDAP or Salesforce. Complexity explodes and outsourcing all this makes more sense.
@eugenio_pace Except when one data breach to their system means thousands of websites get compromised. Imagine the Target or Gawker data breach and then multiplied by every site they support. Curious as to how @authozero plans to get around this.
@mbesto in @authzero customers are separated in various containers. Sharing of infrastructure happens (like many might run on an environment in AWS, thus they "share" AWS), but we have various levels of compartmentalization. If one customer gets breached for whatever reason, it doesn't necessarily mean all others will.
Also, we offer @authzero as a (multi-tenant) service (with the provisions described above), also as a dedicated instance (only 1 tenant) running in our cloud, as an appliance on your cloud (we run on AWS, Azure, Joyent, DigitalOcean, Rackspace), or as an appliance on-premises. Ultimately, we give our customers the choice of where they want @authzero to be deployed.
Many of our larger customers have multiple deployment models co-existing. For example: on-prem for production, cloud for dev/test. It is the exact same codebase, UI, API, etc. Moving an app from one environment to another is a configuration setting (like a connection string for a database).
This is Matias (co-founder and CTO of @authzero). We built this product for developers. Here is what we do in plain English:
Feature-wise, we allow single sign on for multiple apps, connect with enterprise providers like SAML and Active Directory/LDAP, with +30 social providers and also username/password auth with the forgot pass and email verification. You can even plug your own database https://docs.auth0.com/mysql-con....
We use standard protocols, namely OpenID Connect and JSON Web Tokens (http://jwt.io) but provide an easy to use widget if you don't want to implement the protocol https://auth0.com/lock. We have SDKs for virtually anything https://docs.auth0.com and they are all OSS.
Once you plug Auth0 you can start using the user management dashboard to edit user info, login as a user, suspend, look at their activity, reporting & analytics.
One of the best features IMHO is the rules engine. We allow you to run node.js code as part of the authentication pipeline which gives you the last mile integration. Rules are OSS: https://github.com/auth0/rules.
Feel free to ask any question!
@woloski glad to see you guys using OpenID Connect and not reinventing the wheel. I am, however, kind of surprised by this line on your CEO's LinkedIn profile: "CEO of Auth0, the emerging industry standard for authentication and authorization." ¹
Technically OpenID Connect is "the emerging industry standard for authentication and authorization". Auth0 looks more like a wrapper. Is that intentionally inaccurate? Not trolling, but I think it's important to be precise when talking about web technologies that may or may not be open source/open licensed. Can I fork Auth0?
¹ https://www.linkedin.com/pub/jon...