auth0-spa-js
AppAuth-JS
auth0-spa-js | AppAuth-JS |
---|---|
5 | 1 |
876 | 966 |
0.7% | 2.1% |
8.5 | 0.0 |
1 day ago | 10 days ago |
TypeScript | TypeScript |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auth0-spa-js
-
Tell HN: Stytch Login SaaS Unicorn has common auth vulnerabilities
Your message feels disingenuous and not in good-faith.
Auth0 clearly advises against the localStorage option which is most similar to Stytch's:
> _Important:_ This feature will allow the caching of data _such as ID and access tokens_ to be stored in local storage. Exercising this option changes the security characteristics of your application and _should not be used lightly._ Extra care should be taken to mitigate against XSS attacks and minimize the risk of tokens being stolen from local storage.
This is from the readme of the github you linked:
https://github.com/auth0/auth0-spa-js/tree/0de9c6bf61d37fc21...
And since their other client-only solutions have major UX challenges (as you highlight), I expect most Auth0 users have landed on the secure option.
This is very different from Stytch - which as far as I can tell - doesn't disclose or acknowledge the risk, and instead willingly puts developers at increased risk. Throughout this thread, you've been dismissive of the risk despite security organizations clearly indicating that HttpOnly is best-practice.
You've found a legitimate comparison in Firebase, but for me, you've taken several steps too far trying to compare to Auth0.
-
Fastify DX and SolidJS in the Real World
Auth0 provides the auth0-spa-js package which offers two ways to authenticate users:
-
Persistent login in React using refresh token rotation
Therefore, I have transformed the library [@auth0/auth0-spa-js](https://github.com/auth0/auth0-spa-js), which is another official Auth0 client library, to have an authentication hook and methods that can be accessible outside the components.
-
React Testing Library with Auth0 and conditional rendering
auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.

      32 | it("renders a login button", () => {
      33 |
    > 34 | const { getByText } = render(
         | ^
      35 |
      36 |
      37 |
AppAuth-JS
-
Ionic React App with Social Login
ionic-appauth: 35 GitHub stars. This repo does not have version tags. Ionic-AppAuth is an implementation of the openid’s AppAuth-JS for Ionic development. The documentation is minimal (close to none), but has a React sample that you can examine: https://github.com/wi3land/ionic-appauth-react-demo
What are some alternatives?
nextjs-auth0 - Next.js SDK for signing in with Auth0
angular-auth-oidc-client - npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
auth0-angular - Auth0 SDK for Angular Single Page Applications
cordova-plugin-firebase-authentication - Cordova plugin for Firebase Authentication
auth0-python - Auth0 SDK for Python
openid-connect-app - Sample project for implementing OIDC server with a web application and an API service.
auth0-react - Auth0 SDK for React Single Page Applications (SPA)
capacitor-firebase-auth - Capacitor Firebase Authentication Plugin
feedback - Feedback, Ideas and Suggestions for our articles
logto - 🧑🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
fastify-vite - Fastify plugin for Vite integration.
ionic-appauth-react-demo - React Implementation Of Ionic App Auth