What IAM / Authentication for B2C to pick if hosted solutions is not an option?
For some reason Cleck/Auth0 is not an option, that must be something that I can selfhost.
Also something that I'm really looking for is Authentication with local credential (password, passkeys, password-less etc) in native apps without OIDC webview popup (until Oauth for firstparty apps is released and adopted OIDC is PITA in this regard) but with most providers as I understand this is not an option.
Self service UI or API for building self service UI.
It looks like there are a ton of options but all of them half-baked or poorly suited for B2C.
- ZITADEL have gone through multiple versions of APIs with breaking changes, in B2C mode UI is littered with "Orgatnizations'' stuff, and thier branding so requires full rebuild through thier API.
- Logto, haven't tested out yet.
- Hanko looks promising, leans heavily into passkeys, but other wise very barebones, their "flows" API is interesting, provides "elements" for UI.
- Supertokens can't really understand how they position themselves.
- Keycloak chonky java boi, tried and tested, needs a java dev for customization.
- ory.sh kratos also tried and tested, requires building ui from scratch.
this are some options, all have thier pros and cons, so I fell into analysys paralysis, maybe you have some experince with this solutions or some other that you can share?
Bringing something like Supabase JUST for authentication seems excessive to say the least.
Also something that I'm really looking for is Authentication with local credential (password, passkeys, password-less etc) in native apps without OIDC webview popup (until Oauth for firstparty apps is released and adopted OIDC is PITA in this regard) but with most providers as I understand this is not an option.
Self service UI or API for building self service UI.
It looks like there are a ton of options but all of them half-baked or poorly suited for B2C.
- ZITADEL have gone through multiple versions of APIs with breaking changes, in B2C mode UI is littered with "Orgatnizations'' stuff, and thier branding so requires full rebuild through thier API.
- Logto, haven't tested out yet.
- Hanko looks promising, leans heavily into passkeys, but other wise very barebones, their "flows" API is interesting, provides "elements" for UI.
- Supertokens can't really understand how they position themselves.
- Keycloak chonky java boi, tried and tested, needs a java dev for customization.
- ory.sh kratos also tried and tested, requires building ui from scratch.
this are some options, all have thier pros and cons, so I fell into analysys paralysis, maybe you have some experince with this solutions or some other that you can share?
Bringing something like Supabase JUST for authentication seems excessive to say the least.
IETF Datatracker
This document defines the Authorization Challenge Endpoint, which supports a first-party client that wants to control the process of obtaining authorization from the user using a native experience. In many cases, this can provide an entirely browserless OAuth 2.0 experience suited for native applications, only delegating to the browser in unexpe...
ZITADEL gives developers all they need to integrate identity management. Easy as pie. Ready when you are — because serverless. At yours or ours — because open source.
Open source, privacy-first, and built to scale. Hanko is the fastest way you integrate passkeys, 2FA, SSO, and more—with full control over your data. Move between self-hosted and Hanko Cloud anytime. No lock-in. Just auth how it should be: secure, fast, user friendly, and fully yours.
Open Source User Authentication. Build fast, maintain control, with reasonable pricing.
Was this page helpful?
