You can find them at Auth0.com. As of now I’m serving on their Advisory Board. It’s not an actual job but yes, I do have a financial interest in their success, so you should take that into account when you read what I write.
Why Auth0? · Well, having spent a couple of years advocating back and forth between Google and the developer community around Identity issues, I’ve become keenly aware of how under-served that community is. Modern identity tech is getting to the point where it’s irresponsible not to be deploying it; but the devil is in the details, and boy are there ever a lot of details. So in principle I approve of the soup-to-nuts end-to-end solve-the-whole problem package Auth0 is trying to deliver.
On top of that, I like Auth0’s unapologetically developer-focused approach and transparent pricing structure; with every decade that passes, my loathing for traditional Enterprise-software sales culture deepens.
Also, specifically, I have another project that I left unfinished at Google but I plan to pick up again, and what it needs to be complete, mostly, is user accounts and sign-in and so on. The Auth0 guys were explaining their system to me and I was thinking “This thing would snap right onto that thing,and in a very pleasing way.” Over the years I’ve found my software tastes to be very mainstream, so I’d call that a positive indicator.
In particular, the docs page is pretty cool, and I have to nod my head at pretty well every one of the nine assertions at Why Auth0.
Finally, check out the Rules feature. Auth’s server-side is a Node thing, and it includes a sandbox where you can have your own JS code run when something happens, for example when someone initially signs up, or whenever they authenticate. Nifty! (And I don’t even like JavaScript.)
On a lighter note, Auth0 is headquartered in Seattle but has a strong Argentinean connection; and that has to be a good thing.
Comment feed for ongoing:
From: Adrian (Apr 28 2014, at 14:05)
The 'identity broker' notion is a nice convenience for developers, and Auth0 is very easy to work with. I had my (grails) web app delegating to them (and thus accepting authentication from all the usual suspects) in less than 15 minutes.
There's a disconnect in that the 'grant' step at the IDP shows Auth0 as the requestor and the user is likely expecting to see 'mywebapp'. Absent the ability for Auth0 to transparently request permissions 'on behalf of...' I don't see a way around this.
I work for a mid-size Canadian financial institution, and we see a role in the IDP space. The Federal Government and BC Provincial Government are keen to delegate to FIs as we've already done the verification.
It's an interesting space.
[link]
From: Matias Woloski (Apr 28 2014, at 16:29)
@Adrian, you can do that by configuring the clientid/secret on Auth0 dashboard. See the screenshot below:
https://cloudup.com/czwq0OdxRO8
Matias
[link]