IdentityServer
FrameworkBenchmarks
IdentityServer | FrameworkBenchmarks | |
---|---|---|
16 | 366 | |
1,341 | 7,391 | |
2.0% | 0.4% | |
9.4 | 9.8 | |
1 day ago | about 10 hours ago | |
JavaScript | Java | |
DUENDE™ SOFTWARE LICENSE AGREEMENT | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
IdentityServer
-
Identity server 4
Its deprecated in favor of Duende Identityserver which introduced a license model.
-
How does cookie based authentication work?
Tokens usually have a lifetime and they are separate from the user's authentication principals like username and password. Unless you are rolling your own form of token provider (not something that would be recommended) the token creation is handled for you. Take a look at https://identityserver4.readthedocs.io/en/latest/ or if your organization makes under 1M in income a year the free version of what Identity Server progressed into https://duendesoftware.com/products/identityserver
- Ask HN: Examples of Top C# Code?
-
ImageSharp leaving the .NET Foundation due to licensing change
I think Duende (Identity Server) handled the situation pretty well.
https://duendesoftware.com/products/identityserver
> Standard License Pricing
-
Seeking people for collaboration on open source projects I started. Also open to ideas. Preferably long-term. I can help you learn and you can help me with other things, such as coding, UI and more. Beginner friendly. Safe environment.
Thanks for your message. No, the idea was not to re-implement OAuth nor OpenID stuff. What I had in mind for the authentication thingy was something like this: https://laravel.com/docs/9.x/sanctum. If we want to go the OAuth/OpenID way, in .NET we have this one: https://github.com/DuendeSoftware/IdentityServer.
- If you were tasked with implementing Identity and Access Management today, what would you do?
-
Bytebase: 20-Person Startup, 30 SaaS Services, and $1,183 Monthly Bill
> As you said, there are plenty of local options that you only need to run.
I think managed databases are a good analogy here. While I might run my own PostgreSQL/MariaDB instance, many out there won't be overjoyed at the idea of actually needing to run and manage the damned thing, as well as set up some kind of alerting and handling the need to eventually scale it up.
> It also has the largest risk of compromise and data leaking from any service you may use...
PII is definitely a big concern, even if something like password hashes aren't too useful on their own (provided that they're salted), though in cases like that it might actually make a lot of sense to utilize a widely used and tested solution that's specialized for this particular use case.
In many cases, thousands of people across the globe will be able to develop something and squash any bugs in it better than you might be able to do individually or with your own team, though there might be a few exceptions out there. Auth is probably not one of the cases where you want to write code without a lot of eyes on it.
> ...the largest amount of potential lock-in...
This is debatable: standards like OAuth2 and OIDC technically make many of the solutions and libraries way more pluggable and make it easier to choose between various implementations, depending on your needs.
Of course, something like Keycloak also has its own API (as do many of the cloud offerings) so if you build too much automation around a particular implementation, then that advantage partially goes out the window.
> ...and the least need for integration.
I'm not sure about this, it probably depends on your architecture. If you have a monolithic web app, then you probably don't need a separate turnkey/SaaS solution, whereas if you have an ever growing number of services, whilst you want to manage authentication and accounts against all of them centrally, then something like Keycloak (or one of the cloud alternatives) become way more lucrative.
That said, I'd still opt for self-hostable options whenever possible, albeit I also don't trust cloud based password managers and such, preferring something like KeePass instead. I've probably just come to a different conclusion in regards to usability/responsibility/features/security than some other people.
Sadly, there aren't that many good options out there at the moment, apart from Keycloak. For example, IdentityServer is promising, but went in a commercial direction: https://duendesoftware.com/products/identityserver#pricing
-
Why is authentication such a sh*t show with .NET 6?
He's referring to IdentityServer 3/4, which was open sourced, and was not owned by Microsoft. That 3rd party is commercializing their work (and to be fair, it's a lot of work) as https://duendesoftware.com/products/identityserver , and has a different commercial licensing model.
-
Show HN: Open-Source Identity Server Written in Go (Ory Kratos)
https://github.com/DuendeSoftware/IdentityServer/blob/main/L... does not seem to square with any definition of "open source" I'm familiar with, and that goes double for having an in-repo file that just says "read this unversioned pdf on some other site"
-
Creating JWT token auth yourself - is it secure?
I would not recommend it. There is a server named Duende identity server which you can host locally.
FrameworkBenchmarks
-
Why choose async/await over threads?
Neat. Thanks for sharing!
Interestingly, may-minihttp is faring very well in the TechEmpower benchmark [1], for whatever those benchmarks are worth. The code is also surprisingly straightforward [2].
[1] https://www.techempower.com/benchmarks/
[2] https://github.com/TechEmpower/FrameworkBenchmarks/blob/mast...
-
Ntex: Powerful, pragmatic, fast framework for composable networking services
ntex was formed after a schism in actix-web and Rust safety/unsafety, with ntex allowing more unsafe code for better performance.
ntex is at the top of the TechEmpower benchmarks, although those benchmarks are not apples-to-apples since each uses its own tricks: https://www.techempower.com/benchmarks/#hw=ph&test=fortune&s...
-
A decent VS Code and Ruby on Rails setup
Ruby is slow. Very slow. How much you may ask? https://www.techempower.com/benchmarks/#hw=ph&test=fortune&s... fastest Ruby entry is at 272th place. Sure, top entries tend to have questionable benchmark-golfing implementations, but it gives you a good primer on the overhead imposed by Ruby.
It is also not early 00s anymore, when you pick an interpreted language, you are not getting "better productivity and tooling". In fact, most interpreted languages lag behind other major languages significantly in the form of JS/TS, Python and Ruby suffering from different woes when it comes to package management and publishing. I would say only TS/JS manages to stand apart with being tolerable, and Python sometimes too by a virtue of its popularity and the amount of information out there whenever you need to troubleshoot.
If you liked Go but felt it being a too verbose to your liking, give .NET a try. I am advocating for it here on HN mostly for fun but it is, in fact, highly underappreciated, considered unsexy and boring while it's anything but after a complete change of trajectory in the last 3-5 years. It is actually the* stack people secretly want but simply don't know about because it is bundled together with Java in the public perception.
*productive CLI tooling, high performance, works well in a really wide range of workloads from low to high level, by far the best ORM across all languages and back-end framework that is easier to work with than Node.JS while consuming 0.1x resources
-
The Erlang Ecosystem [video]
Although that seems to have improved in recent years.
https://www.techempower.com/benchmarks/#hw=ph&test=json§...
-
Ruby 3.3
RoR and whatever C++ based web backend there is count as a valid comparison in my book. But comparing the languages itself is maybe a bit off.
On a side note, you can actually compare their performance here if you’re really curious. But take it with a grain of salt since these are synthetic benchmarks.
https://www.techempower.com/benchmarks
-
API: Go, .NET, Rust
Most benchmarks you'll find essentially have someone's thumb on the scale (intentionally or unintentionally). Most people won't know the different languages well enough to create comparable implementations and if you let different people create the implementations, cheating happens. The TechEmpower benchmarks aren't bad, but many implementations put their thumb on the scale (https://www.techempower.com/benchmarks). For example, a lot of the Go implementations avoid the GC by pre-allocating/reusing structs or allocate arrays knowing how big they need to be in advance (despite that being against the rules). At some point, it becomes "how many features have you turned off." Some Go http routers (like fasthttp and those built off it like Atreugo and Fiber) aren't actually correct and a lot of people in the Go community discourage their use, but they certainly top the benchmarks. Gin and Echo are usually the ones that are well-respected in the Go community.
-
Rage: Fast web framework compatible with Rails
There is certainly a lot of speculation in Techempower benchmarks and top entries can utilize questionable techniques like simply writing a byte array literal to output stream instead of constructing a response, or (in the past) DB query coalescing to work around inherent limitations of the DB in case of Fortunes or DB quries.
And yet, the fastest Ruby entry is at 274th place while Rails is at 427th.
https://www.techempower.com/benchmarks/#hw=ph&test=fortune&s...
-
Node.js – v20.8.1
oh what machine? with how many workers? doing what?
search for "node" on this page: https://www.techempower.com/benchmarks/#section=data-r21
-
Strong typing, a hill I'm willing to die on
JustJS would like a word https://www.techempower.com/benchmarks/#section=data-r20&tes...
-
Rust vs Go: A Hands-On Comparison
In terms of RPS, this web service is more-or-less the fortunes benchmark in the techempower benchmarks, once the data hits the cache: https://www.techempower.com/benchmarks/#section=data-r21
Or, at least, they would be after applying optimizations to them.
In short, both of these would serve more rps than you will likely ever need on even the lowest end virtual machines. The underlying API provider will probably cut you off from querying them before you run out of RPS.
What are some alternatives?
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
zio-http - A next-generation Scala framework for building scalable, correct, and efficient HTTP clients and servers
openiddict-core - Flexible and versatile OAuth 2.0/OpenID Connect stack for .NET
drogon - Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows [Moved to: https://github.com/drogonframework/drogon]
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
django-ninja - 💨 Fast, Async-ready, Openapi, type hints based framework for building APIs
node-oidc-provider - OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
LiteNetLib - Lite reliable UDP library for Mono and .NET
YARP - A toolkit for developing high-performance HTTP reverse proxy applications.
C++ REST SDK - The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.
Hot Chocolate - Welcome to the home of the Hot Chocolate GraphQL server for .NET, the Strawberry Shake GraphQL client for .NET and Banana Cake Pop the awesome Monaco based GraphQL IDE.
SQLBoiler - Generate a Go ORM tailored to your database schema.