I am getting set up with a basic web API that is basically glorified CRUD, with a React SPA frontend and some external data providers, and I'm trying to get the dev setup fully integrated. My main problem is around authentication. Previously I have used username + password auth with ASP.NET Identity, but I would like social login providers, SAML SSO, etc., so I was planning on going with an alternative. That seemed to be one of:
1. Auth0, Microsoft Entra ID, AWS Cognito, etc. (managed solutions)
2. Duende IdentityServer / Keycloak / another self-hosted solution
My concern with (1) is a combination of vendor lock-in / cloud lock-in(?), despite the strong security guarantees and the flows and UI already configured, and that there is no clear way of using these services for development. My concern with (2), however, is that this is overkill, a lot of devops work when it goes live, and introduces a security risk.
Anyone have any experience with either of these and can tell me why they chose what they chose? Thanks :)