With the idea “why should I code sign-in again,” I started building Logto with several developer friends about one year ago. Quickly we found the idea goes bigger (also the team); now, we want to build not just a customizable sign-in UI but also an identity solution.
Here comes the public alpha:
- An OIDC-based identity service
- Multi-platform user sign-in/up experience with dark mode and SDKs (Web, iOS, and Android)
- Sign in/up with dynamic SMS/Email passcode (Passwordless)
- Out-of-box social sign-in integration (GitHub, Google, WeChat, Alipay, etc.)
- A web UI to control all the above (Admin Console)
- Extendable multi-language support
It’s fully open-sourced, and we are super happy to hear from the community.
Looks great! I currently use Auth0 for my projects. One specific feature in Auth0 prevents me from switching to any other IAM: rules (or their new version: actions).
It’s basically running some JavaScript upon logging in (or signing up, or when a machine to machine token is created). It allows me to extend the created JWT with custom properties and perform backend logic (e.g. perform an API call upon user registration).
Yes yes! It’ll be a amazing feature that can enable automation and save tons of time. Logto supports these hooks technically, and we can productize it in the near future.
Looks cool from a first glance. Quick question to give you a chance to differentiate. Why your solution over Keycloak?
Also, we're in the API Gateway space and integrate with OIDC providers. Let me know if you want to make an integration and do some co-marketing. We always look for better ways to combine API integrations with OIDC. https://wundergraph.com/docs/reference/wundergraph_config_ts...
Btw. we're currently looking into better support for CLIs. Do you support the device flow? (Keycloak does)
Thanks. Keycloak needs professional identity knowledge to correctly set up, and has tons of extra UI/UX works to do. Logto provides out-of-box usage even if you are not familiar with OAuth/OIDC at all. It comes with a customizable end-user sign-in experience (UI) for both web and native, and a web admin console to manage Logto and know your users.
Logto provides a frontend-to-backend identity solution, with minimum invasion to the current tech stack.
We’re currently focusing on end-user experience, but CLI support would be not hard since our service is based on OIDC.
Co-marketing would be great, let’s keep in touch. What’s your preferred communication channel?
I would like a serverless and distributed solution, that supports: username & password, SSO discovery, SAML 2, federated SAML, OIDC, OAuth2, magic links, permissions, rules for assigning users to groups based on attributes, deletion automation, multi-tenancy and - of course - excellent security and monitoring.
We pay a lot of money to Okta at the moment, and have to use another solution "on top" to support federated SAML.
We'd rather all this be in our own AWS account and globally distributed so personal data never leaves the users country of origin.
We saw ory.sh a while ago and it looks great. From what I can see now, ory is mainly focusing on the server side, while Logto is not only an identity service, also trying to provide a smooth and customizable sign-in experience (UI) for end-users and let you to focus on your real business asap.
Plus, Logto comes with a web admin console to manage Logto and to know your users with no coding skill required. You can get user insights like DAU/MAU with graphic charts within the console.
Question: I work on a OSS CRM that historically relied on a CMS (Drupal/WordPress) for authentication.
Now we're looking to make it more standalone, which means coding our own login etc, and eventually things like SSO, LDAP, etc
Would this be a good fit?
If I understood the docs correctly, every install has to do their own setup, so it might not work? (some partners run it as a SaaS, but most run it as a PHP app on their own VPS).
I think Logto will be good at “standalone identity service”, which means you can delegate all the sign-ins and user identity issues to Logto. (Just like SSO)
So you can have only one Logto installed, and add multiple “API resources” (for apps with a dedicated API service) and “applications” (for traditional web apps or your native/spa clients) in Logto. No matter they are remote or local, VPS or SaaS.
The logic is simple:
- for clients and traditional web apps, when it detects user is not signed in, use SDK to redirect to Logto
- for API services, add a middleware function to check if the request holds a valid token
If you’d like to connect a third party identity provider, “connectors” will be your friend.
These cases are covered in the docs.
Hope my reply helps. Feel free to join our discord channel or send us an email if you have any questions. :-)
This looks cool. I could see myself using this once it’s a bit further along. This looks most similar to Clerk. For me, the best service is the one with the best SDK and documentation. I was excited about Clerk because they have SDKs for Remix and Expo (React Native).
And here is where Django and RoR shine. With their very rich, and above all, well integrated ecosystem, we have had plugins to do all this with a few settings for years.
That's where "libs over frameworks" doesn't pay.
And you don't have to delegate your sign in to a third party, share user data, get locked in, or have all the problems associated with having some part of your stack as a service, micro or not.
32 comments
[ 3.3 ms ] story [ 78.0 ms ] threadHere comes the public alpha:
- An OIDC-based identity service
- Multi-platform user sign-in/up experience with dark mode and SDKs (Web, iOS, and Android)
- Sign in/up with dynamic SMS/Email passcode (Passwordless)
- Out-of-box social sign-in integration (GitHub, Google, WeChat, Alipay, etc.)
- A web UI to control all the above (Admin Console)
- Extendable multi-language support
It’s fully open-sourced, and we are super happy to hear from the community.
What is the business model?
It’s basically running some JavaScript upon logging in (or signing up, or when a machine to machine token is created). It allows me to extend the created JWT with custom properties and perform backend logic (e.g. perform an API call upon user registration).
Is this something Logto will eventually support?
Thank you for the great feedback. Stay tuned. :-P
Also, we're in the API Gateway space and integrate with OIDC providers. Let me know if you want to make an integration and do some co-marketing. We always look for better ways to combine API integrations with OIDC. https://wundergraph.com/docs/reference/wundergraph_config_ts...
Btw. we're currently looking into better support for CLIs. Do you support the device flow? (Keycloak does)
Thanks. Keycloak needs professional identity knowledge to correctly set up, and has tons of extra UI/UX works to do. Logto provides out-of-box usage even if you are not familiar with OAuth/OIDC at all. It comes with a customizable end-user sign-in experience (UI) for both web and native, and a web admin console to manage Logto and know your users.
Logto provides a frontend-to-backend identity solution, with minimum invasion to the current tech stack.
We’re currently focusing on end-user experience, but CLI support would be not hard since our service is based on OIDC.
Co-marketing would be great, let’s keep in touch. What’s your preferred communication channel?
Cognito is okay, but quite expensive if you want to make something popular and run it out of your own pocket.
I would like a serverless and distributed solution, that supports: username & password, SSO discovery, SAML 2, federated SAML, OIDC, OAuth2, magic links, permissions, rules for assigning users to groups based on attributes, deletion automation, multi-tenancy and - of course - excellent security and monitoring.
We pay a lot of money to Okta at the moment, and have to use another solution "on top" to support federated SAML.
We'd rather all this be in our own AWS account and globally distributed so personal data never leaves the users country of origin.
Not asking for much surely? </s>
For SAML or other identity auth methods, we’ve designed “connector” protocol which enables you to easily connect arbitrary identity providers.
Permission and automation are the two of main topics we’ll focus on in the next half of 2022.
Also we’ll provide deployment guides for the mainstream cloud services.
Your needs are very practical and reasonable. Really appreciate it. Would love to connect via discord or email. Cheers.
[0]: https://www.ory.sh/
Plus, Logto comes with a web admin console to manage Logto and to know your users with no coding skill required. You can get user insights like DAU/MAU with graphic charts within the console.
Now we're looking to make it more standalone, which means coding our own login etc, and eventually things like SSO, LDAP, etc
Would this be a good fit?
If I understood the docs correctly, every install has to do their own setup, so it might not work? (some partners run it as a SaaS, but most run it as a PHP app on their own VPS).
So you can have only one Logto installed, and add multiple “API resources” (for apps with a dedicated API service) and “applications” (for traditional web apps or your native/spa clients) in Logto. No matter they are remote or local, VPS or SaaS.
The logic is simple:
- for clients and traditional web apps, when it detects user is not signed in, use SDK to redirect to Logto
- for API services, add a middleware function to check if the request holds a valid token
If you’d like to connect a third party identity provider, “connectors” will be your friend.
These cases are covered in the docs.
Hope my reply helps. Feel free to join our discord channel or send us an email if you have any questions. :-)
That's where "libs over frameworks" doesn't pay.
And you don't have to delegate your sign in to a third party, share user data, get locked in, or have all the problems associated with having some part of your stack as a service, micro or not.
It allows you to focus on trusting the identity and not worrying as much about someone stealing credentials etc.
Also presumably that other party has a security team constantly monitoring and securing things.