User Management
Core Considerations
- Principle 6 from Company Principles: this is not a core concern, hence should be outsourced;
- Must support hierarchical structures potentially demanded by large IFA organisations;
- But must preserve zero-knowledge guarantees - see Multiuser;
Refs
SaaS
Must
- authentication & authorisation
- online onboarding
- allow emails as usernames
- can manage these
Should
- 2FA in the future
- support hierarchies of users
Options
- https://frontegg.com/
  - no Svelte library :-(
- https://auth0.com/pricing
  - owned by Okta
- https://www.secureauth.com
  - no pricing
- https://miracl.com
  - really interesting - only a PIN code - but no user management
- https://firebase.google.com/docs/auth
  - use with
| Supplier | Freebie | Cost Thereafter | Other |
|---|---|---|---|
| FrontEgg | 7,500 MAU | ‘contact us’ | includes social networks |
| Auth0 | 25k MAU | given | includes social networks |
| Firebase Authentication | 3DAU / 50k MAU | cheapest? | can use OpenId |
| Amazon Cognito | 50k | equivalent to Google | includes 2FA, needs other services |
Zero Knowledge
- Use OIDC provider
The Winner: Firebase. Use as a pure authentication/authorisation solution and do everything else outside.
- except perhaps: user tracking … Firebase anon user…