Supabase used to be my go-to but wondering if there are any easier out of the box solutions I haven't looked into. I'm investigating Clerk and have asked LLMs but curious to get the real take on what's working and what's easy from devs that actually have skin in the game.
WorkOS powers auth for OpenAI, Anthropic, Cursor, Vercel, Perplexity, Clay, Webflow, Granola, and a bunch of others. Free up to 1m users, you pay for enterprise features.
I'm the founder and happy to help. We've differentiated by focusing on "b2b auth" via SAML/SCIM, but today we do everything else. We also have products for feature flags, encryption, bot blocking, MCP auth, etc.
Recently I moved to WorkOS for modulus.so. love your product.
MCP auth and feature flags are two feature that got me in. I also like that it's flexible enough for me to write custom logic in auth flow - which a lot of providers tries to abstract.
This is awesome - I had heard the name floating around but didn't realize how permissive your free tier was. I'm using Clerk for my new project https://thoughtprint.space/ but might switch it over to WorkOS.
The obvious answer would be use oauth and base it on one of the main providers such as Google, Microsoft or Meta.
However starting from last year, due to the fact that these companies are becoming too dominant and I don’t trust them anymore I started applying a philosophy of avoiding to depend on them as much as possible unless customers explicitly require to use their services, for this reason we opted to always have our own solution and if needed integrate it with 3rd party solutions, this way we are not slave to FAMGE companies and we have full control over our product, it’s a small drop in an ocean but at least I sleep with more inner peace knowing that I am still contributing to the distributed architecture of internet.
Sounds crazy, potentially less secure, and time consuming but still, I prefer this approach.
Microsoft already F** Us by buying GitHub, others by stealing accumulated knowledge of stackoverflow, and forcing everybody to be AI dependent because they poured billions in it… I am not letting it happen again.
That's ok for enterprise stuff where revenue per user is high. I'd hate to lose a 5/6 figure deal because I have to spend time rolling out some sort of enterprise auth solution for a client.
I'm the founder and happy to help. We've differentiated by focusing on "b2b auth" via SAML/SCIM, but today we do everything else. We also have products for feature flags, encryption, bot blocking, MCP auth, etc.
Fun fact, we actually launched on HN in 2020 :) https://news.ycombinator.com/item?id=22607402
MCP auth and feature flags are two feature that got me in. I also like that it's flexible enough for me to write custom logic in auth flow - which a lot of providers tries to abstract.
Claude Code can often one-shot it. Feel free to reach out if I can help!
However starting from last year, due to the fact that these companies are becoming too dominant and I don’t trust them anymore I started applying a philosophy of avoiding to depend on them as much as possible unless customers explicitly require to use their services, for this reason we opted to always have our own solution and if needed integrate it with 3rd party solutions, this way we are not slave to FAMGE companies and we have full control over our product, it’s a small drop in an ocean but at least I sleep with more inner peace knowing that I am still contributing to the distributed architecture of internet.
Sounds crazy, potentially less secure, and time consuming but still, I prefer this approach.
Microsoft already F** Us by buying GitHub, others by stealing accumulated knowledge of stackoverflow, and forcing everybody to be AI dependent because they poured billions in it… I am not letting it happen again.
I'm curious to explore some alternatives for enterprise auth like Clerk, but haven't yet.