netlify-identity-widget VS auth0-java

Leveraging the open-source GoTrue API, Netlify Identity can be added to your site with the Netlify Identity widget by adding this

In the first version of the website, I used Netlify Identity, which is Netlify's own authentication solution. With Netlify Identity Widget it is easy to add authentication, but I quickly discovered that I missed some more advanced functionality. I therefore switched to Auth0, which to a greater extent allowed me to tailor the login solution. Auth0 also had some functionality I needed to create a user admin dashboard, like role-based authentication.

However, it soon became apparent that Netlify Identity had some limitations. One was that the login alert was not in Norwegian (I translated it and opened a pull request, but could not wait for it to go through. It's been 7 months now...). The other reason for not sticking with Netlify Identify was that I started working on a dashboard for user account management where I would need some more advanced functionality than Netlify Identity Widget could provide. After some research, I ended up choosing Auth0.

How do you know that Netlify is production ready? I found Netlify Identity to not be production ready* and now I'm not so sure about the rest of the platform.

* Three reasons. 1) The identity widget has people setting it up in such a way that tokens aren't refreshed and logins last only an hour. https://github.com/netlify/netlify-identity-widget/issues/11... 2) Netlify Identity keeps bumping me out despite having gone out of my way to get it configured properly. I don't know why but the issue has lasted for weeks. 3) In development mode, the token can't be verified without making a request to Netlify Functions, and the suggested path (in Redwood.js at least) is to just parse the JWT without verifying it.

The animation I'm referring to is the sliding up text in the hero section

Protect endpoints using JWT security with a OpenID Connect IAM like Auth0 or Keycloak Optionally control access to endpoints using RBAC

Auth0 is an adaptable authentication and authorization platform. Auth0 takes out the pain of developing a full authentication system from scratch for your application and managing user credentials by yourself.

First things first, you need an account on the Auth0 platform, so head to their page and create one.

Functions can be triggered in multiple ways: HTTP, Queue, Db, Blob Storage Change and many more. More on this can be found here. This was one of the major reasons why I thought Azure Functions are great. I mostly needed the HTTP and Queue trigger. With HTTP functions comes also the requirement for Authentication and Authorization. I'm using Auth0 as an authentication provider. The implementation is usually straightforward. The frontend obtains an access token and the API validates the token and authenticates the request. OpenID connect is well documented and somewhat easy to use in asp.net core for example. Not with Azure Functions I googled for days, opened an issue and tried everything I could think of and came to the conclusion: Microsoft doesn’t provide you with proper SDKs to handle authentication adequately.

Auth0

There are more and more products getting into the market every day that need to deliver a lot of features. Sometimes those things become super complex, and the main thing they usually don’t have is time. A lot of those parts are engineers issues that can be democratized by open-source solutions. You can use Okta for the identity solution, Add Auth0 for authentication, and then use Permit for authorization and you have easily saved thousands of development hours.

Say that we have decided to use Auth0 for authorization in our architecture. We want to give users with different sets of permissions access to different levels based on their permissions.