
Original link: https://news.ycombinator.com/item?id=41194673

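Hello Hacker News! Meet Zai and Konsti, the creators of Stack Auth ([website](https://stack-auth.com)), a free, open-source platform designed to handle authentication and authorization needs. Unlike competitors, they provide customizable login and signup pages, reducing the hassle of managing the various pieces. Their project grew out of years of frustration with existing platforms and aims to balance convenience with open-source development. Compared with market leaders such as Auth0, Stack Auth offers greater developer-friendliness while avoiding strong vendor lock-in. Newer alternatives such as Clerk excel at marketing to developers but remain proprietary. Other popular open-source options, such as Supabase Auth or Auth.js/NextAuth, focus only on authentication and do not provide the other tools. Building a custom authentication system usually takes considerable work, involving cryptography, OAuth flows, access tokens, role-based access control (RBAC), permission syncing, and API keys. Because of vulnerabilities found in these areas, many home-grown non-OAuth or password-based applications have security flaws. Recognizing this problem, Zai and Konsti set out to solve it by creating Stack Auth. It offers self-hosted and managed hosting options, and its data export feature guards against potential lock-in. Beyond authentication, it also provides authorization, user management, and connected accounts, which integrate seamlessly with third-party service APIs. In addition, Stack Auth integrates deeply with major tech stacks; it currently supports Next.js frontends and has a well-documented REST API, allowing flexibility across languages. To learn more about their innovative approach to authentication, visit [their GitHub repository](https://github.com/stack-auth/stack) or the [documentation page](https://docs.stack-auth.com). They welcome feedback and look forward to hearing your thoughts on authentication challenges.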


Original text
Hi HN! We're Zai and Konsti, and we're building Stack Auth (https://stack-auth.com/), an open-source managed authentication and authorization platform. Basically, we build your login and signup pages, and everything that comes with that.

Our GitHub repo is at https://github.com/stack-auth/stack, and there’s a zero-budget demo video here: https://www.youtube.com/watch?v=LTkjdPf2E2Q

Stack Auth was born out of years of frustration with the incumbents. We wanted to build something that is developer-friendly and open-source at the same time.

The dominant player in this space is Auth0, who appeals to enterprises but lags behind in developer-friendliness and has strong vendor lock-in. A newer one is Clerk, which markets directly to devs, but is still entirely proprietary. Open-source solutions like Supabase Auth or Auth.js/NextAuth are only authN, and don't provide the rest of the toolchain.

On the other hand, building your own auth infrastructure is tedious work. Rolling your own crypto is already hard enough, but on top you'll have to deal with OAuth flows, access tokens, RBAC, permission syncing, API keys, and so on. Most handcrafted OAuth or password-based applications in the wild are vulnerable in at least some of these areas.

To us, the solution to this was obvious, so we decided to build it. Stack Auth is 100% open-source, licensed under MIT and AGPL. You can self-host, or choose to use our managed hosting. If you choose the latter, there's no lock-in. You can export all your data and/or start self-hosting at any time.

Also, we're more than just authentication — we have authorization (orgs, teams, permissions, RBAC) and user management (impersonation, user dashboard, webhooks).

One interesting feature is what we call "connected accounts": we can manage and refresh your OAuth access tokens even for services that your users don't use for sign in, such as when accessing Gmail or OneDrive APIs.

We also put a lot of weight into integrating deeply into the tech stack itself. For now, we support Next.js frontends with a bunch of components and hooks for sign-in, password reset, and organizations. Though, we do have a well-documented REST API (https://docs.stack-auth.com/rest-api/auth), so you can access Stack from any language.

For more info, check out our GitHub repo above, or our documentation (https://docs.stack-auth.com).

Would love to hear about your own stories and opinions on auth. Thanks all!
