# talk-kratos

millions-van-11508

01/29/2022, 10:50 PM
Not a technical question, more of a usage question from someone who has lightly skimmed Kratos' documentation: I'm putting together a small web app that will only allow social login. Is Kratos overkill for such a case? There won't be passwords, email registration, recovery, etc... but it looks like Kratos has a pretty comprehensive set of SSO providers baked-in, which is a really important metric for my project. Thoughts?
For a little more detail: the rest of the project would use DynamoDB, so Kratos would have to have a relational database all to itself. My primary alternative is implementing all the social logins myself, which doesn't sound fun.

bulky-architect-22083

01/29/2022, 11:43 PM
Are you using React/Vue for developing the web app?

millions-van-11508

01/29/2022, 11:43 PM
Yeah. React frontend, Micronaut backend
Eventually the app will need probably a dozen different social logins, some of which are not implemented in Kratos
I'm not sure how extensible the "generic" provider is

bulky-architect-22083

01/29/2022, 11:45 PM
Ah I see… Nextjs has something called NextAuth which handles dozens of social logins and you can even add custom providers

millions-van-11508

01/29/2022, 11:45 PM
Interesting, I'll look into that too

bulky-architect-22083

01/29/2022, 11:46 PM
This is if you don't mind moving from using React to React Based Next.js on the frontend side

millions-van-11508

01/29/2022, 11:46 PM
I wouldn't love that but it might be worth it

bulky-architect-22083

01/29/2022, 11:46 PM
https://next-auth.js.org is a library made to work with Next.js

millions-van-11508

01/29/2022, 11:47 PM
Have you used both? How does it compare to Kratos?
Yeah that's a good number of providers they have

bulky-architect-22083

01/29/2022, 11:48 PM
I have used both. NextAuth probably works well in your use case because you plan to not use recovery/registration etc. and NextAuth doesn't provide those capabilities.
Kratos on the other hand is a full-fledged identity provider and useful if you want self-service registration etc. and integration with external identity providers.

millions-van-11508

01/29/2022, 11:50 PM
Interesting, thanks for the input!
I haven't used SSR before and don't love the idea but I'll look into it

bulky-architect-22083

01/29/2022, 11:53 PM
No problem. I have also tried just integrating external identity providers with a SPA before. It's not easy. Kratos provides a SPA API as well, which is nice but probably overkill for your situation since you don't plan to use all of its capabilities.

millions-van-11508

01/29/2022, 11:54 PM
That's good to know, I have limited experience integrating with OAuth providers so it's hard to judge the level of effort required there
I momentarily even considered using Auth0 because they have such a comprehensive list of providers but damn their pricing model is predatory
It looks like Next.js supports client-side rendering, which is news to me. So maybe I don't have to redesign my architecture to fit SSR. Have my cake and eat it too perhaps.

bulky-architect-22083

01/29/2022, 11:56 PM
I spent a lot of time and effort trying to integrate an external OIDC with a SPA and in the end migrated my app to use Next.js + NextAuth.

millions-van-11508

01/29/2022, 11:57 PM
Thanks for sharing that, you've spared me from learning the challenge of that the hard way

bulky-architect-22083

01/29/2022, 11:58 PM
No problem 👍🏼 Yes, Nextjs does support client-side rendering as well. However, NextAuth works on the server side. OAuth integration is mostly server side and NextAuth saves a lot of time for you because all you have to do is wire up the config file for NextAuth.
What's unique about Kratos though is that it has a SPA API as well. Unfortunate that you won't be using all of its capabilities, and hence my suggestion to use Nextjs and NextAuth 🙏🏼

millions-van-11508

01/29/2022, 11:59 PM
Hmm, I was hoping to be able to throw my SPA in S3 and just use servers for API calls. SSR would really complicate that. Does Next mandate using Node?
I really like Node but I'm not using it for this project

bulky-architect-22083

01/30/2022, 12:00 AM
Unfortunately NextAuth requires that you run it using Node. So AWS S3 won't be enough 😞

millions-van-11508

01/30/2022, 12:00 AM
Bummer

bulky-architect-22083

01/30/2022, 12:00 AM
Maybe a docker image and fargate?
I am not well versed with AWS services unfortunately

millions-van-11508

01/30/2022, 12:01 AM
Yeah, if I'm using microservices then a Node server wouldn't really cost anything more than a Kratos server would anyway
Still, serving static content is way cheaper than calling a service for every render
Hmmm, you've given me a lot to think on but I'm 10x more informed than I was a few minutes ago, so I appreciate that
I've gotta run but I'll be back later if you have anything else to add
Thanks!

bulky-architect-22083

01/30/2022, 12:03 AM
No problem. Glad my info was helpful 🙏🏼
https://nextjs.org/docs/deployment#docker-image Nextjs docker build instructions in case you decide to go that route.

millions-van-11508

03/04/2022, 5:52 AM
@User I'm back! So I took your advice to heart and drafted out a redesign of my architecture utilizing NextAuth. It's a lot simpler than Kratos, but this seems like a blessing and a curse. I've looked over some of the code and it seems like their review process is not as rigorous as I would hope for an auth library. On the other hand, I literally cannot read the Kratos code no matter how I try (not learning Go has caught up with me 😆), so I only assume that the project is as diligently managed as it seems.
anyway, long story short, I'm wondering, based on your experience, whether you think Kratos would be more appropriate for a security-critical application – even though I still wouldn't be making use of anything but social login

bulky-architect-22083

03/04/2022, 6:47 AM
Ah sorry, I had to re-read our conversation to catch up 😆 Hmmm... well since you mentioned that it is security-critical, using Kratos only for social login is probably overkill but is doable. There is an official NextJS integration sample repo. You can use that as starting point for application. https://github.com/ory/kratos-selfservice-ui-react-nextjs Although the above sample application implements all the flows provided by Kratos, you can remove them and implement only the social login part 👍

millions-van-11508

03/04/2022, 7:13 AM
Thanks for the input!