Readit News
aeneas_ory commented on Cloudflare builds OAuth with Claude and publishes all the prompts   github.com/cloudflare/wor... · Posted by u/gregorywegory
aeneas_ory · 3 months ago
Very impressive, and at the same time very scary because who knows what security issues are hidden beneath the surface. Not even Claude knows! There is very reliable tooling like https://github.com/ory/hydra readily available that has gone through years of iteration and pentests. There are also lots of libraries - even for NodeJS - that have gone through certification.

In my view this is an antipattern of AI usage and "roll your own crypto" reborn.

aeneas_ory commented on Show HN: Tesseral – Open-Source Auth   github.com/tesseral-labs/... · Posted by u/ucarion
d0100 · 3 months ago
When Ory came out I was excited because they have a solid product that is made in Go, however their lack of multi-tenancy that didn't require setting up servers for each tenant made them a non-starter

I just had to implement 2FA on our homegrown auth, and I can't wait to replace it with Tesseral

aeneas_ory · 3 months ago
To put this into some context: Ory as a product has grown a lot since then, and while it's not possible to have "logical user-pool multi-tenancy" (logical in the sense that it's not running multiple instances) on the open source core alone, it certainly is possible on any of the paid-for options!

And generally speaking, there are a couple of examples out there that use the OSS core for multi-tenancy with the deployment scenario, but usually for a finite amount of tenants.

Our thinking behind this is that mostly direct competitors would need true multi tenancy, where every tenant has their own user pools, configs, URLs and so on.

aeneas_ory commented on Show HN: Tesseral – Open-Source Auth   github.com/tesseral-labs/... · Posted by u/ucarion
aeneas_ory · 3 months ago
Congrats on the launch Ulysse - impressive what you have been able to spin up with limited resources! Greetings from Ory :)
aeneas_ory commented on OpenAI uses open source Ory to authenticate over 400M weekly active users   ory.sh/blog/openai-oauth2... · Posted by u/aeneas_ory
gtirloni · 5 months ago
Apparently Firefox is blocked `Failed to verify your browser - Vercel Security Checkpoint`.
aeneas_ory · 5 months ago
Resolved, Vercel thought we are being DDoS’ed!
aeneas_ory commented on OpenAI uses open source Ory to authenticate over 400M weekly active users   ory.sh/blog/openai-oauth2... · Posted by u/aeneas_ory
apitman · 5 months ago
From what I can tell, Ory is a high quality auth stack capable of scaling up.

If you're looking for something a bit simpler to work with for indiehosting use cases, I maintain a list here:

https://github.com/lastlogin-net/obligator?tab=readme-ov-fil...

aeneas_ory · 5 months ago
The list is really helpful for people to navigate, and here is additional context to the complexity topic :)

If you use our managed services (https://console.ory.sh), it is easy to set up and scale because we have a bunch of defaults, UIs, and the security stuff all set up already.

If you run it completely on your own, which does require some skill especially in terms of (security) incident response, it is more work because you have to figure out a few pieces yourself (the stack is agnostic to the environment).

We have an option for self hosting with all the stuff we have built for the SaaS, but it only makes sense for businesses of a certain size.

Complexity also depends on how many services you combine, some people try to use everything at once and it's overwhelming.

What’s making Ory complex for people who do it by themselves, is that Ory is 3 different API first products that work stand alone or in concert. To wire this up, one requires understanding of every service. Here it is easier to spin up a cloud account, or use an alternate project which is e.g. just one docker container.

aeneas_ory commented on OpenAI uses open source Ory to authenticate over 400M weekly active users   ory.sh/blog/openai-oauth2... · Posted by u/aeneas_ory
doctorpangloss · 5 months ago
Maybe you guys should make it possible to add passwords to any account, including a Google authed one.

Like I get Keycloak is complicated but it is also very useful.

aeneas_ory · 5 months ago
That is definitely possible when you use our identity product, which is also open source: https://github.com/ory/kratos

There you can combine all authentication methods in any shape or form you wish!

aeneas_ory commented on OpenAI uses open source Ory to authenticate over 400M weekly active users   ory.sh/blog/openai-oauth2... · Posted by u/aeneas_ory
mintplant · 5 months ago
Funny, OpenAI is one site where I've noticed that the login is kinda wonky. Every so often it just randomly fails, gets stuck, gets caught in a redirect loop... That may not be Ory's fault, but unfortunately this may not be the ringing endorsement they were hoping for.
aeneas_ory · 5 months ago
If you could share a HAR file (stripped of credentials of course) or a screenshot of your network tab when it happens, we'd love to take a look and figure out what's going on! If it's reproducible even better.

You can send it to aeneas at ory.sh. It may not be OAuth2 related, and I'd like to make sure.

u/aeneas_ory

Karma: 77 · Cake day: April 19, 2023
About
Founder and CTO of Ory, an open source company. Visit us at https://github.com/ory

---

meet.hn/city/48.1371079,11.5753822/Munich

Socials: - github.com/aeneasr - linkedin.com/in/aeneasr

Interests: AI/ML, Cybersecurity, Entrepreneurship, Hacking, Open Source, Startups

---
