Hey everyone - Clerk cofounder here. We're frequent readers of HN ourselves and have enjoyed the spirited debate about stateless-vs-stateful auth over the years.
The consensus we reached is that stateless auth is good, but the amount of development required for _secure_ stateless auth is prohibitive.
We built our session management service to make stateless and revocable auth incredibly easy to implement. The tokens are short-lived and we handle all the refresh automatically with our SDKs. A real-time demo of that is available here: https://edge.clerk.app
If your company could benefit from shaving some milliseconds off your authentication check, or if you'd like to add device management and revocation to your application - we'd love to chat!
Today our session management product is still coupled with our user management product, but that will change soon!