Fun Links 2016-01-08
Having integrated third party identity management into a web app recently, I thought I’d take a moment to compare some of the options available in this space.
Whatever type of app you are building, you are very likely to have users. Often you need to keep track of those users, and authenticate them when using your app. And not just authenticate, you need to collect some information about them and provide a way for them to change their passwords, or even reset them if forgotten. There is a lot of standard boilerplate surrounding user management that makes it ideal to be managed by a third party. Assuming you trust the third party with this information. But that is true of any cloud service.
Two years ago, I wrote a post which linked to a service that offers this type of functionality called UserApp. You can consider these offerings to be similar. Ultimately they are all trying to provide the same essential service; it is just how they deliver that makes the difference.
I’m seeing the main differences are in pricing model and integration support. The latter refers to how many identity providers you can access. Commonly these are “social” websites you can use to identify yourself. You’ve likely seen things like this before with a Login with Facebook button when signing up to other websites. But it can also mean enterprise providers, like LDAP.
All of these options provide a free option with some restrictions or up to a certain threshold.
Auth0 claims their free plan is production ready, which sound right since they provide up to 7,000 active users per month. They can host a username/password database for you and you can integrate with up to two social providers (out of the 30+ they support). They provide a drop-in component for your web and mobile apps called Lock which provides the UI for authentication and registration of users. Their documentation is good, and they have lots of sample apps and examples to guide your integration (which is pretty easy).
Stormpath has a free developer plan, limited to 100,000 monthly API calls. They will host unlimited users and groups and can integrate with Facebook and Google. They only support those two at the moment. Stormpath also has some SDKs and example apps available which show integration in various languages. They don’t seem to have a pre-made UI for you to use, but they do offer a hosted login domain for some of the plans.
DailyCred has a pricing model similar to Auth0, in that they count active users per month. With DailyCred, your first 1000 are free each month. There is no other tiered offering, just pay per active user. They only support ten social identity providers, but they do provide a drop in UI for use locally, called Connect. Also, they have hosted pages to signup and sign in on their servers that will redirect you back to your app with a token. They also have an extensive user analytics offering that I haven’t seen mentioned anywhere else.