
Ask HN: SSO services, Auth0 vs Stormpath vs DailyCred - pauleddie
Hi all,
 I&#x27;m looking for experience&#x2F;opinions on the above 3 mentioned SSO services.<p>The use case for the service for me is to use it for multiple small side projects that I would hope to grow in the future and would like to be able to get all the data out if needed.  I don&#x27;t want to spend my time dealing with login systems, I&#x27;d rather concentrate on the products hence willing to pay some cash for a service rather than writing it all myself.<p>- Stormpath (www.stormpath.com) I&#x27;m currently favouring this due to a more understandable pricing model and their explicit mentioning of being able to export all the data from them if needed (even if they have limited social login options, only 2 as far as I can see).<p>- Auth0&#x27;s (www.auth0.com) Pricing model seems strange to me (if I could predict my user login rates it might be better) but their product seems very polished.<p>- Dailycred (www.dailycred.com) pricing page is just confusing&#x2F;weird to me and I find the web page not that friendly to learn about their product so not that enthused by it.<p>But all seem to fairly light on information about uptime SLAs etc.<p>So as I said, any current users of any of these I&#x27;d love to hear from! (or if there&#x27;s better ones out there please let me know :) )<p>Thanks!<p>Paul
======
rdegges
Yo Paul,

I'm sorta biased here -- I work at Stormpath, so I think you should use us,
but I did want to mention what we do which I personally think is cool (I use
Stormpath myself for all my own side projects):

\- You can use us for SSO (something like having login.mysite.com).

\- You can use us to build your own user management system directly -- you can
build a registration / login page on your site, and in the backend, use our
open source libraries to create / manage / edit users on Stormpath.

\- You can use us to for 'hosted login' \-- basically when a user wants to
register / login to your site you redirect them to us, and we'll display your
own custom registration / login page, handle the authentication, then send the
user back to you (new feature).

\- We have social login (although we only support two providers atm: Google /
Facebook).

\- It's really easy to export your data out of us. I built a tool which does
is really fast / well: [https://github.com/rdegges/stormpath-
export](https://github.com/rdegges/stormpath-export)

\- Our framework integrations are top notch.

I've specifically been working on our framework integrations (check these
out!):

\- [http://flask-stormpath.readthedocs.org/en/latest/](http://flask-
stormpath.readthedocs.org/en/latest/) (Flask)

\-
[http://docs.stormpath.com/nodejs/express/](http://docs.stormpath.com/nodejs/express/)
(Express)

If you're using Flask or Express, there's no simpler way to do user
authentication (and if there is, let me know, so I can fix it!).

Anyhow, if you do end up rolling with Stormpath, and we don't work well, let
me know why. I'm not an owner or anything, but totally 100% love working on
the product here. I think it's the best solution out there. I'm r@rdegges.com
(personal) if you wanna chat.

~~~
vsergiu
Can you guys share your stack and how do you guys managed to build this
amazing product?

~~~
rdegges
Definitely! We actually write about it quite often -- we're fairly well known
in the security space.

You should probably check out / follow our blog:
[https://stormpath.com/blog/](https://stormpath.com/blog/)

------
vsergiu
I would recommend Userapp( [https://www.userapp.io/](https://www.userapp.io/)
). It has a lot of features and it is really easy to use. Also I have talked
via email with the guys making the service and they offer great support. I
only use a free version and not trying to advertise the service, but I really
think it is the best solution for side projects/early stage startup MVP

------
bikamonki
I am also doing research to select one such service and I believe the decision
point comes down to this: pricing based on user count vs pricing based on
activity (i.e. API calls). I think developers will chose the latter since you
can somehow program you code to limit API calls but you cannot determine
number of users in advance. So far Stormpath is winning b/c of this reason.

~~~
pauleddie
yeah I just seem to find number of API call to be more expressive to think
about, but that might be because I'm a dev and think in that way. Also knowing
I can easily buy more API calls enables me to make a nice graph of predicated
costs which logically increases with number of users rather than having to
jump up a tier of pricing.

------
mgonto
Hey,

Just as @rdegges said, I work on Auth0 so I'm a a little biased as well but I
can give you some insights about Auth0 and tell you why I personally like it
and why I joined the team.

\- Pricing: I agree with you that it's not 100% ideal. To be honest, we've
been fighting to make this clearer and easier. Our basic idea here is, don't
charge somebody who's starting to do something. Charge them once they have
enough users so that they can start getting money in, and only charge for
Users that actually USE your site (Users that have entered your site in the
last 30 days at least). But I'd love to get some feedback about it, if you're
willing to :). Why do you think it's confusing and how would you change it?

\- Features: I can enumerate all the features we have and all the ones I like,
but the easiest way for you to decide what's best for you is just to create an
account and try it out :). Put it in one of your projects. Follow the Quick
start guide on [https://docs.auth0.com/](https://docs.auth0.com/) and
integrate it to your app. Let me know then if this was easy and straight
forward enough for you :).

\- Data Export: We don't have anything in the UI right now to show how you can
export the data. However, our dashboard uses our API to show all of the
information you see there, so you can just use our API to export all of the
information in there. For example, for getting ALL of the users information to
save it, just call [https://docs.auth0.com/api#!#get--api-
users](https://docs.auth0.com/api#!#get--api-users) and get it :).

\- Why I joined Auth0: I work in Auth0 as a Developer Evangelist. The first
thing you gotta know for this position is that if you don't like the product
for the company you're joining, you're screwed :). What I love about it is
that we use ALL standards (JWT, Open Id Connect, SAML, OAuth, etc.) which
means that even if you don't like us after all, it's really easy to replace
us. Also, we have TONS of stuff Open Source. I love Open Source and Openness.
It's the way to go, and that's one of the main things I like about Auth0. Just
go to our Github and check it out.

I don't want to make this message sound as I'm selling Auth0 to you. I haven't
checked out Dailycred yet, but I do think Stormpath is also a good product. My
final recommendation would be, just try all of them out, and join the one you
feel more confortable with. If you have any feedback, please shoot me an email
to gonto@auth0.com or martin@gon.to.

Cheers :)

~~~
pauleddie
Hi, thanks for the response.

Part of my issue with your pricing strategy is that the way it is set out
seems to almost go against the reason for (me) using a third party for user
management, what I mean is that I just want users to be users, I don't care if
they log in with social or enterprise etc, having to think about my user
breakdown in that way is extra hassle and analysis that I really don't want to
have to do. The more dials and knobs I have to think about for users the more
complicated it gets for me. i.e. 'ok I use this plan if I have this many
social users, but this plan if my users are enterprise users or this plan if
etc'. And its kinda hard to tell what my user base will be until they turn up
:/

Honestly ideally I want a 'dial' (or maybe 2 dials ,apps and users or
whatever), whether that's API calls, unique users per month or whatever, I
just want to easily know if I get <X> visitors then how much will it cost me.

I had to sit and think when I looked at your pricing page....I was trying to
avoid doing that by throwing money at the problem :)

Hope that makes sense,

Paul

------
skram
You might want to look into [http://authrocket.com/](http://authrocket.com/)
as well.

