Source URL: https://blog.hyperknot.com/p/comparing-auth-providers
Source: Hacker News
Title: Comparing Auth from Supabase, Firebase, Auth.js, Ory, Clerk and Others
**Summary:** The text discusses the author’s journey in selecting an authentication solution for a new web application, emphasizing the importance of reliable auth systems. Key concerns include user logout behavior, session management, and integration challenges with several popular auth providers. The analysis provides insights into the pros and cons of various authentication services, making it particularly relevant for software developers and security professionals.
**Detailed Description:**
– The author, Zsolt Ero, reflects on his experience building a web application and a browser extension, planning to integrate Single Sign-On (SSO) for user authentication.
– Key requirements for the chosen auth solution include:
  – Reliability in keeping users logged in unless they choose to log out.
  – Support for Google and GitHub SSO.
  – Affordable pricing for a freemium business model, with a preference for self-hosting options.
– The author expresses his intention to evaluate various auth providers from a developer’s perspective.
**Main Concerns and Findings:**
– **Session Management**: The author highlights significant issues with session lifetime settings, particularly with Supabase Auth, where users experience random logouts and poor session management options (e.g., lack of session lifetime customization).
– **Security Considerations**: The text details security vulnerabilities associated with cookie handling in some solutions, emphasizing the risks of client-side storage for sensitive authentication tokens.
– **User Experience**: The author notes the importance of a smooth and stable user experience, pointing out deficiencies in documentation and technical support among several auth providers.
– **Comparison of Authentication Solutions**:
  – **Supabase**: Praised for its cost-effectiveness and integration with PostgreSQL but criticized for its failure to manage sessions adequately.
  – **NextAuth.js**: Lacks proven security standards, raising doubts about its long-term viability.
  – **Clerk and FusionAuth**: Both offer well-structured solutions but may not fit all business models due to pricing and complexity.
  – **Firebase**: A robust, mature offering, but with concerns about future pricing and integration challenges.
– **Final Recommendations**: After extensive evaluation, the author concludes:
  – If budget allows, opt for Clerk.
  – If you have backend experience, choose Ory for self-hosting.
  – For simpler needs, Firebase remains a viable option, though dependent on future developments.
The text serves as a guide for security professionals and developers looking to navigate the complex landscape of authentication options, pointing towards critical considerations such as vendor lock-in, security, and the balance of usability versus complexity in selecting an auth provider.