Open Source Authentication and Authorization I’m Rishabh and the co-founder and CTO at https://supertokens.com (YC S20). We offer open-source user authentication and we just released our user roles product for companies implementing authorization. Our users are web developers, and a prominent and adjacent pain point for our users is authorization. Developers typically implement two independent solutions for authentication and authorization. Offering AuthN and AuthZ in a single solution is something we’ve been thinking about for the last few years. Quick primer, authentication is knowing who the user is, and authorization is knowing what the user has access to. A physical analogy: A person enters a building. Authentication means reading their ID card and knowing that the person’s name is John. Authorization means knowing which floors, offices, and files John has access to. With increasing privacy and data complexity, companies like Netflix[1], Slack[2], and Airbnb[3] have built out their own complex authorization systems. To build our user roles product, we started with a first principles approach of covering authorization use cases using scripting languages such as XACML and OPA. But looking at existing solutions built by talented teams like Oso[4], Aserto[5], Cerbos[6], Strya[7], we realized that while these were powerful solutions, they were often overkill for most early to mid-stage companies (especially on the B2C side). We went back to the drawing board, reached out to our users and after dozens of conversations, we realized that most authorization needs require the ability to 1. Assign and manage roles and permissions 2. Store roles in the DB and session tokens to make it readable on the frontend and 3. Protect APIs and websites based on these roles and permissions. And so, we built user roles – a simple RBAC authorization service that focuses on the balance between simplicity and utility. It doesn’t cover many complex cases and we’re not looking to displace any of the authorization incumbents. But you can add AuthN and AuthZ using a single solution, quickly. In the near future, we’ll be launching an admin GUI where you can manage your users and their roles with a few clicks. We’d love for you to try it out and hear what additional functionality you’d like to see. What are your favorite authentication providers and what do they get right? - [1]: https://ift.tt/jFEx6gV - [2]: https://ift.tt/ipg7Otl - [3]: https://ift.tt/6JyA9Ke - [4]: https://www.osohq.com/ - [5]: https://www.aserto.com/ - [6]: https://cerbos.dev/ - [7]: https://www.styra.com/ November 3, 2022 at 07:45PM
Show HN: Tape It, iOS recording app for musicians Hello HN, Over the last 15 months, two friends and I developed the music recording app we felt we wanted based on our own needs as musicians. It's called Tape It [1] and has just recently hit the Apple App Store [2]. We put a lot of effort into a good UX to help musicians really focus on playing their instrument instead of pretending to be a recording engineer. The app records in stereo on newer iPhones (although that's a premium feature; the free version only records in standard mono audio quality). I would be really grateful for advice from this community on how to best approach marketing. We had a great TechCrunch article covering our launch [3], and we posted it on various music websites. Turns out advertising on Google or Apple Search is a dark art, though. We have some good ideas for developing a good social media presence, but they will take time. Please hit us with feedback, opinions and advice that you think a young ind...
Comments