auth0-spa-js
unocss
Our great sponsors
auth0-spa-js | unocss | |
---|---|---|
5 | 56 | |
875 | 15,339 | |
0.6% | 2.3% | |
8.7 | 9.6 | |
6 days ago | 3 days ago | |
TypeScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auth0-spa-js
-
Tell HN: Stytch Login SaaS Unicorn has common auth vulnerabilities
Your message feels disingenuous and not in good-faith.
Auth0 clearly advises against the localStorage option which is most similar to Stytch's:
> _Important:_ This feature will allow the caching of data _such as ID and access tokens_ to be stored in local storage. Exercising this option changes the security characteristics of your application and _should not be used lightly._ Extra care should be taken to mitigate against XSS attacks and minimize the risk of tokens being stolen from local storage.
This is from the readme of the github you linked:
https://github.com/auth0/auth0-spa-js/tree/0de9c6bf61d37fc21...
And since their other client-only solutions have major UX challenges (as you highlight), I expect most Auth0 users have landed on the secure option.
This is very different from Stytch - which as far as I can tell - doesn't disclose or acknowledge the risk, and instead willingly puts developers at increased risk. Throughout this thread, you've been dismissive of the risk despite security organizations clearly indicating that HttpOnly is best-practice.
You've found a legitimate comparison in Firebase, but for me, you've taken several steps too far trying to compare to Auth0.
-
Fastify DX and SolidJS in the Real World
Auth0 provides the auth0-spa-js package which offers two ways to authenticate users:
-
Persistent login in React using refresh token rotation
Therefore, I have transformed the library [@auth0/auth0-spa-js](https://github.com/auth0/auth0-spa-js), which is another official Auth0 client library, to have an authentication hook and methods that can be accessible outside the components.
-
React Testing Library with Auth0 and conditional rendering
auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information. 32 | it("renders a login button", () => { 33 | > 34 | const { getByText } = render( | ^ 35 | 36 | 37 |
unocss
-
Tailwind CSS v4.0.0 Alpha
I wish tailwind would support attributify like https://github.com/unocss/unocss, which is much more readable for complex layouts:
link
- UnoCSS — an Instant On-Demand Atomic CSS Engine
-
Catalyst – Tailwind CSS Application UI Kit
I feel the same about people praising Tailwind.
Tailwind (and similar, I tend to use https://unocss.dev/) is not good for your frontend architecture BUT they allow you to be so fast, that it negates the benefits.
For a job well done, I'd follow the principles of https://maintainablecss.com/
-
What do you think we can do better to improve Vue position in the frontend space as a dominant UI framework?
I think UnoCss is may be better than Tailwind already and has a good Vue integration https://unocss.dev/
-
~~New~~ Old way to write CSS
The most popular tools that implement this approach are: Tailwind, WindiCSS, UnoCSS.
-
Which is best for DX and efficiency, TailwindCSS, UnoCSS, PandaCSS, or the new MasterCSS
- UnoCSS: https://unocss.dev/
-
A design system for the federal government
haha, fair point. Still, I'm on the fence about how utility components are namespaced in USWDS. Perhaps giving users the flexibility to define the namespace might work better? One thing that bugs me is the absence of class-sorting like we have in TailwindCSS. Plus, there are some gaps I've noticed in USWDS. The naming, especially when comparing "padding-x-2" and "p-x-2", can be really annoying when switching around, maybe that could also be an option for the developer or project. Similar to the ideas antfu has on uno.css https://unocss.dev/ ♥
-
Modern CSS Framework or Library for Static Websites?
UnoCSS is a popular option
-
Vrite Editor: Open-Source WYSIWYG Markdown Editor
UnoCSS — for styling with Tailwind-like atomic CSS;
-
Why I Switched From Neovim to VSCode
Some exceptional libraries and frameworks only support VSCode, which you could argue is a bad thing, but it makes sense, VSCode is the most popular code editor after all. For example UnoCSS only has a VSCode extension, and it's my favourite way to write CSS. Astro has a LSP but I've found that the experience in VSCode is much better than in Neovim.
What are some alternatives?
nextjs-auth0 - Next.js SDK for signing in with Auth0
Tailwind CSS - A utility-first CSS framework for rapid UI development.
auth0-angular - Auth0 SDK for Angular Single Page Applications
windicss - Next generation utility-first CSS framework.
auth0-python - Auth0 SDK for Python
tail-kit - Tail-kit is a free and open source components and templates kit fully coded with Tailwind css 3.0.
AppAuth-JS - JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
unplugin-vue-components - 📲 On-demand components auto importing for Vue
auth0-react - Auth0 SDK for React Single Page Applications (SPA)
Quasar Framework - Quasar Framework - Build high-performance VueJS user interfaces in record time
fastify-vite - Fastify plugin for Vite integration.
vanilla-extract - Zero-runtime Stylesheets-in-TypeScript