Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

IdentityServer4 vs Auth0

Tags:

auth0

identityserver4

We want to build a central authority to do authentication and authorization for our various applications (.net). We see IdentityServer4 is open source and free, while Auth0 cost money. Does anyone use both of these? Can anyone provide suggestion which one to choose and why?

like image 872
martial Avatar asked Nov 01 '17 15:11

martial

People also ask

Is IdentityServer4 obsolete?

IdentityServer4 support will last until the end of life of . NET Core 3.1 that means till November 2022. In that way, Duende provides new documentation for the fifth service version. Pricing.

What is the use of IdentityServer4?

It's designed to provide a common way to authenticate requests to all of your applications, whether they're web, native, mobile, or API endpoints. IdentityServer can be used to implement Single Sign-On (SSO) for multiple applications and application types.

Is IdentityServer4 free to use?

About IdentityServer4IdentityServer is a free, open source OpenID Connect and OAuth 2.0 framework for ASP.NET Core.

2 Answers

IdentityServer is a library that implements various authentication (not authorization!) protocols and let's you consolidate access control into a single system. You can host it in a typical ASP.NET webapp, console app or anything else, as long as the HTTP endpoints are available. It also lets you store the user data anywhere you want, whether in-memory, databases, flat files, the asp.net core membership system, or anywhere else.

Auth0 is a company that provides a managed service that handles authentication for you. They run the infrastructure and provide access through their website and APIs. It's similar to having someone run IdentityServer4 for you and there are several competitors like Okta for Devs, AWS Cognito, Azure AD B2C, Google Cloud Identity/Firebase, and more.

Choose IdentityServer if:

  • You want free open-source software.
  • You have the time and effort to run it yourself.
  • You want to control the backing data store (SQL database, Redis, JSON file, etc).
  • You want to manage all the data yourself due to regulations, privacy, etc.
  • You need complete control and flexibility around what happens during authentication (for example, merging user accounts in your database when someone signs in). It's all just C# code so you can do whatever you want.

Choose Auth0 if:

  • You want to save time and effort on implementation and operation.
  • Price is not an issue (as it can get expensive for some features).
  • The limited customizations offered by Auth0 are enough for your app.
  • You want the other features they offer like password-breach monitoring.
  • You don't want to manage user data, or don't mind having it stored by them.

Update as of Oct 2020 - IdentityServer is now a product from Duende Software with a new commercial open-source license to sustain development. There are other alternatives like OpenIddict that are still free.

like image 56
Mani Gandham Avatar answered Sep 17 '22 14:09

Mani Gandham

Identity Server means building a server application to handle authentication and authorization, which can replicate what Auth0 does for OpenIdConnect (OIDC) there will be a few things to implement even if you use IdentityServer4. You will need to build that first, then integrate your application.

Auth0 allows you to integrate immediately with OIDC with additional & enterprise features.

like image 20
Mark Redman Avatar answered Sep 18 '22 14:09

Mark Redman
Sign in to Comment

Related questions

IdentityServer4 PostLogoutRedirectUri
How to call Identity Server 4 with Postman for login
IdentityServer4 - Using Refresh Tokens after following the Quickstart for Hybrid MVC
Identity Server 4 error "keyset is missing"
Adding external login with Identity Server 4 and ASP.NET Identity
IdentityServer4 + Asp.Net Core Identity - Map Identity to application database user
Identity server 4 with SAML 2.0 as external identity provider for SSO
How to get id_token along with access_token from identityserver4 via "password" grant_type?
How to Configure login UI for IdentityServer4?
Redirect URI sent as HTTP and not HTTPS in app running HTTPS
Getting DiscoveryClient fails with "Issuer name does not match authority"
Identity Server 404 after login (stuck on signin-oidc)
IdentityServer4 - Redirect to MVC client after Logout
Identity Server(OAuth2) implementation with integration to legacy systems(Forms Auth, ADFS,AD)
Scaling an IdentityServer4 service
How to create an identity server for users without consent page?
How to implement Windows Authentication with IdentityServer 4
Why is ClaimTypes.NameIdentifier not mapping to 'sub'?
How to configure key settings for IdentityServer in appsettings.json for aspnet core app running on IIS
User Registration Process with IdentityServer4

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!