Not a technical question, more of a usage question from someone who has lightly skimmed Kratos' documentation: I'm putting together a small web app that will only allow social login. Is Kratos overkill for such a case? There won't be passwords, email registration, recovery, etc... but it looks like Kratos has a pretty comprehensive set of SSO providers baked-in, which is a really important metric for my project. Thoughts?

Are you using React/Vue for developing the web app ?

Yeah. React frontend, Micronaut backend

Ah I see… Nextjs has something called NextAuth which handles dozens of social logins and you can even add custom providers

Interesting, I'll look into that too

This is if you don't mind moving from using React to React Based Next.js on the frontend side

I wouldn't love that but it might be worth it

https://next-auth.js.org is a library made to work with Next.js

Have you used both? How does it compare to Kratos?

I have used both. NextAuth probably works well in your usecase because you plan to not use Recovery/Registration etc and NextAuth doesn't provide those capabilities.

Interesting, thanks for the input!

No problem. I have also tried just integrating external identity providers with an SPA before. It's not easy. Kratos provides a SPA api as well which is nice but probably overkill for your situation since you don't plan to use all of its capabilities.

That's good to know, I have limited experience integrating with OAuth providers so it's hard to judge the level of effort required there

I spent a lot of time and effort trying to integrate an external OIDC with a SPA and in the end migrated my app to use Next.js + NextAuth.

Thanks for sharing that, you've spared me from learning the challenge of that the hard way

No problem 👍🏼 Yes Nextjs does support client side rendering as well. However NextAuth works on the server side. OAuth integration is mostly server side and NextAuth saves a lot of time for you because all you have to do is wire up the config file for NextAuth

Hmm, I was hoping to be able to throw my SPA in S3 and just use servers for API calls. SSR would really complicate that. Does Next mandate using Node?

Unfortunately NextAuth requires that you run it using Node. So AWS S3 won't be enough 😞

Bummer

Maybe a docker image and fargate?

Yeah, if I'm using microservices then a Node server wouldn't really cost anything more than a Kratos server would anyway

No problem. Glad my info was helpful 🙏🏼

@User I'm back! So I took your advice to heart and drafted out a redesign of my architecture utilizing NextAuth. It's a lot simpler than Kratos, but this seems like a blessing and a curse. I've looked over some of the code and it seems like their review process is not as rigorous as I would hope for an auth library. On the other hand, I literally cannot read the Kratos code no matter how I try (not learning Go has caught up with me 😆 ) so I only assume that the project is as diligently managed as it seems

Ah sorry, I had to re-read our conversation to catch up 😆 Hmmm... well since you mentioned that it is security-critical, using Kratos only for social login is probably overkill but is doable. There is an official NextJS integration sample repo. You can use that as starting point for application. https://github.com/ory/kratos-selfservice-ui-react-nextjs Although the above sample application implements all the flows provided by Kratos, you can remove them and implement only the social login part 👍

Thanks for the input!