Private Authentication as a Service ...
Any interest in having a private authentication as a service?
By private I mean:
- You own (and can host if you like) the data.
- We don't use the data for anything other than authenticating your users.
- If you choose to host yourself then we don't store any of your user data.
We would provide the ui part of the equation and optionally host the data if you prefer.
The service would make it dead simple to integrate authentication into your application. It would come with pre-built interfaces out-of-the-box and an API which means you could craft your own.
Perhaps this has been done already so I would also be happy to receive comments that say "Been done. Am happy. Here's a link".
Trending on Indie Hackers
Not saying you shouldn't do this but Netlify's GoTrue does some of what you say. They have a Go based API and a react UI layer. I experimented with it but never used in a real production environment so take w/ a grain of salt.
Thanks for the info
We tend to favor smaller SaaS startups for outsourcing certain tasks as services in our projects but for identity management, I wouldn't venture beyond Okta, Auth0 and maybe AWS Cognito.
Identity is serious business and these companies already provide rather affordable solutions with compliance and auditing included.
Very good points. Thank you. Part of my thinking was to do with the privacy aspects. Perhaps that is not a concern in dedicated IAM services. But putting that aside it looks a long reach to compete on features, dependability and trust.
I was thinking about something similar, even started coding it (geez how many started projects I have on my laptop!). I believe most of people are using Auth0 for stuff like this. They do not want to have any dependencies (own database). Auth0 is also allowing you to export your users if you want to migrate.
Lastly, you would need to have your servers in many locations in order to minimise connection speed to user database...
Yeah not going to beat Auth0 on features. Pricing seems competitive as well. Being comprehensive brings complexity though and I was imagining something simpler.
Indiehackers may go for a simpler or cheaper option but whether a workable pricing v demand point could be found is not clear to me.
Good point about the server locations. I was wondering about delays in connecting to user-hosted databases. Ultimately users would have the choice to self-host or not.
I've also been thinking about whether a simple standard client-server protocol exists for this or whether it is worth creating one. You could imagine swappable backends and frontends so developers could use their preferred stack.
Actually if I remember correctly Auth0 is a standard but it all got a bit hairy during the development. Something like that anyway.
Auth0 is not a standard. They use JWT signed tokens. Don't remember what algorithms they use by default, I think it's RS256. To validate the token, they do provide JWKS endpoints with public key (ofc you can also use their libraries).
I do agree with Pyro here that IAM is serious business, but at the end of the day, Auth0 was a startup at some stage as well. They started in 2013.
If you are looking for something simpler, you also have https://firebase.google.com/docs/auth/
That said - IAM is not easy, but if you have good knowledge of it, you might be able to find a niche for some simple solution. Good luck