Fusionauth-issues Alternatives

fusionauth-issues reviews and mentions

• Are Magic Links Outdated?
  4 projects | news.ycombinator.com | 13 Jul 2022

  Another issue that I don't see covered here is that some email clients (looking at you, Outlook) pre-fetch links to see if they are security risks. If you build a magic link system which handles plain old GETs, the one time code gets used up before the user can actually log in.

  We ran into this at FusionAuth and had to do implement some workarounds, documented here: https://github.com/FusionAuth/fusionauth-issues/issues/629#i...

  Edit: https://news.ycombinator.com/item?id=32081192 mentions some other issues.

• Ask HN: Anyone use GitHub Issues at their company?
  3 projects | news.ycombinator.com | 29 Mar 2022

  We do, extensively, both internally and externally. In fact, we don't have any other explicit way to order engineering work. (There's always the "inside the CTO's head" priority list, but we strive to get that into GH issues.)

  https://github.com/fusionauth/fusionauth-issues/issues is our main external facing repo. We use it:

  * to track issues. Every code change should tie back to an issue in this repo.

  * to get feedback from the community. People can upvote issues that are important to them.

  * to take input from the community. If someone wants a feature added or a bug fixed, we ask them to file an issue. This is a desired bit of friction (if you can't be bothered to file an issue, then you probably don't care that much).

  * to expose the near term roadmap to customers and community members (we do this using milestones)

  * to expose our decision making and prioritization process. We've had customers say they loved that about our product. The product is not open source, but the development process is as transparent as we can make it (see https://github.com/FusionAuth/fusionauth-issues/issues/1577 for example).

  It's great for all those things. On to your concerns:

  * bug reporting: yes, but make sure you use templates

  * sprint/epic management: okay for that. Not easy to tie bugs together in any structured way (we use a 'related bugs' section of the issue description, but that depends on frail humans to keep it up to date)

  * release management (from development, to code review, to QE verification, to release): less familiar with this, I know there is a kanban view that we've used. Milestones are useful here.

  * integration with non-engineering teams (ie, letting customer support/customer success tag issues that customers have brought up): as long as they are GH knowledgeable, it'll work.

  From my limited jira experience, it's much more powerful when you have teams of teams and need reporting and customization. But for a team our size (<10 engineers), GH issues has been great.

• AWS is playing chess, Cloudflare is playing Go
  8 projects | news.ycombinator.com | 18 Oct 2021

  This is our major need right now:

  https://github.com/FusionAuth/fusionauth-issues/issues/1393

  Basically, providing a static IP to some EC2 instance traffic so that folks can add an IP to their firewall.

• Kanidm: A simple, secure and fast identity management platform
  6 projects | news.ycombinator.com | 16 Oct 2021

  Interesting that they are choosing to provide an integrated solution including user management and OAuth IdP ( https://github.com/kanidm/kanidm/pull/485 ) rather than plug into existing open source or even commercial offerings.

  Here's a design doc about their OAuth choices: https://github.com/kanidm/kanidm/blob/master/designs/oauth.r...

  It would seem simpler to go with the Ory approach of "best in breed" for, say network management tooling (most of which they already have implemented), and then integrate with Keycloak, Okta, FusionAuth, the Ory suite, etc for user management. Maybe they didn't want to do that because there are synergies with integrated user management? I dunno, seems like there are a lot of user management tools out there.

  I also find it interesting that they explicitly disallow a goal of building a better LDAP server. I think there's a lot of room to run in that. My employer has had users show a fair bit of interest in a modern experience with LDAP layered on top ( https://github.com/FusionAuth/fusionauth-issues/issues/954 ) and I talked to someone at a conference that had built a whole business out of virtual LDAP: https://www.radiantlogic.com . They were working with companies with multiple LDAP based auth systems, and providing a way to have apps see one view of the user.

  Maybe kanidm isn't that project, but it seems like a modern OSS LDAP implementation would be welcomed by the software community.

  Disclosure: I work at FusionAuth.

• Paserk: Platform Agnostic SERialized Keys
  2 projects | news.ycombinator.com | 29 Jul 2021

  I've looked at paseto (and even filed an issue in our repo about supporting them: https://github.com/FusionAuth/fusionauth-issues/issues/773 ) but the thing I keep running into is:

     * JWT can be secure if you are careful

• Is there a quicker way of setting up auth for apps and SPAs in .NET Core?
  4 projects | reddit.com/r/dotnet | 28 May 2021

  There's also FusionAuth

• Authentication in ASP.NET Core API without using third party solutions
  7 projects | reddit.com/r/dotnet | 30 Apr 2021
• Auth0 has been down for 2+ hours with the root cause still unidentified
  1 project | reddit.com/r/programming | 21 Apr 2021

  Check out FusionAuth, https://fusionauth.io/

• Never write a UserService again
  4 projects | dev.to | 22 Mar 2021

  as-a-service: Okta, Amazon Cognito, onelogin, PingIdentity, FusionAuth

• The Difficulties of SAML Single Logout
  2 projects | news.ycombinator.com | 17 Mar 2021
• Authelia is an open-source authentication/authorization server with 2FA/SSO
  7 projects | news.ycombinator.com | 10 Mar 2021

  These dimensions all matter to varying degrees depending on your team and needs.

  Disclosure: I work for https://fusionauth.io/ which has open source supporting libraries and docs, but which is itself not open source.

• IdentityServer is overkill for many Blazor apps. What else is better?
  1 project | reddit.com/r/dotnet | 9 Mar 2021

  Look at https://fusionauth.io/ We too had the same problems with IdentityServer that you had as well as they switch to a fee. We ran across this and it works great. I think it is a lot easier to use as well and the interface that it comes with is good for setting up auth on a site.

• The reason okta spent $6.5B Auth0
  3 projects | news.ycombinator.com | 5 Mar 2021

  * documentation and developer experience

  And that doesn't get into specific features that you might need. An example: if you want to modify a user object in the middle of a login flow, Auth0 has rules, we have Lambdas, Keycloak has plugins. How are you going to know what features you need without building out at least a sample app?

  Oh, and pricing! Lots of the smaller operations (us included) have transparent pricing, but Okta/Auth0 don't.

  I wrote out a list of 13 different use cases for FusionAuth ( https://github.com/fusionauth/fusionauth-issues/issues/1002 ) and I am still discovering new ways this coiuld be used. I'm sure that is the case with all these competitors.

  It's the old elephant story: https://www.peacecorps.gov/educators/resources/story-blind-m...

  3 projects | news.ycombinator.com | 5 Mar 2021

  That does clarify things. To be honest I thought "Editions" was a product alongside "Cloud".

  So Fusionauth looks pretty good - it does a lot more than I need. Though the lack of a "public path" setting is the first roadblock: https://github.com/FusionAuth/fusionauth-issues/issues/88

• Okta to Acquire Auth0 for $6.5 billion
  1 project | reddit.com/r/programming | 4 Mar 2021

  We do have an open issue on the roadmap that I think is what you are looking for - no immediate plans to implement this feature. But if we get enough interest - we would build it. https://github.com/FusionAuth/fusionauth-issues/issues/954