Most companies can get equivalent security and a better overall experience just using Google OAuth. The argument that you're having to pay for security features that should be available to everyone just doesn't compute for me if you offer Google/Microsoft OAuth, which most smaller companies are going to be using instead of Okta/etc to begin with.

If you really need SSO, it's probably because you're trying to manage massive amounts of user and do SCIM provisioning, etc. In which case, there probably will be some burden on the vendor to make sure that this all works smoothly or they'll pay a vendor (like us, I am biased as one of the Stytch founders).

We built an open source library, SAML Shield [1], to help companies secure their SAML implementations. And while hopefully this helps reduce the burden for teams maintaining in house SAML, the reality is that it definitely is a burden.

[1] https://samlshield.com/

> True multitenancy Many of the paid options you mentioned (workos, clerk, etc same goes for auth0) aren't actually multitenant, they've tacked on a concept of organizations to a user first data model. This presents some limitations as a result of users as the first class entity versus organizations, for example, membership across multiple organizations with different auth requirements (ie I can log into my personal with sign in with email/google but to log into a company account I need 2fa or SSO), multiple SSO connections per organization or a single SSO connection across multiple organizations (both common in enterprises where there's lots of M&A).

Happy to go into more detail on any of this or answer any specific questions you have!

this is a crazy take in the context of coding interviews. first, because it's quite obvious if someone is blindly copy and pasting from cursor, for example, and figuring out what to do is a significant portion of the battle, if you can get cursor to solve a complex problem, elegantly, and in one try, the likelihood that you're actually a good engineer is quite high.

if you're solving a tightly scoped and precise problem, like most coding interviews, the challenge largely lies in identifying the right solution and debugging when it's not right. if you're conducting an interview, you're also likely asking someone to walk through their solution, so it's obvious if they don't understand what they're doing.

cursor and copilot don't solve for that, they make it much easier to write code quickly, once you know what you're doing.

behavioral data like mouse movements, shortest path, etc is helpful but likely to result in less of a deterministic signal compared to device intelligence based on those signals of where and how the request is being made.

we'll have a more in depth blog post on what we're seeing with this next week too.

I was an early engineer at Plaid and I think it's an interesting parallel, financial data aggregators used to use more of a screenscraping model of integration but over the past 5+ years, it's moved almost fully to OAuth integrations. would expect the adoption curve here to be much steeper than that, banks are notoriously slow so would expect tech companies to move even more quickly towards OAuth and APIs for agents.

another dimension of this, is that it's quite easy to block ai agents screenscraping, we're able to identify with almost 100% accuracy open ai's operator, anthropic's computer use api, browswerbase, etc. so some sites might choose to block agents from screenscraping and require the API path.

all of this is still early too, so excited to see how things develop!

We support both a user changing their own email and with our embeddable admin portal, you get an out of the box flow where your customers' admins can update the email (and any auth setting) for other team members.

Comments URL: https://news.ycombinator.com/item?id=36777700

Points: 17

# Comments: 4

We have support for both magic links and google oauth as well as many more options, one of the benefits of going with a provider is that with one integration you'll be able to get more auth products as your auth needs expand and get more complex (ie 2fa with authenticator apps etc). We also handle all of the fun edge cases when it comes to things like email deliverability and ensuring that your magic links end up in your users primary inbox and don't get blocked by spam filters etc.

I'd love to answer any questions you have and help get you up and running with auth so you can get back to focusing on your product!

[0] https://stytch.com/

Comments URL: https://news.ycombinator.com/item?id=28568384

Points: 10

# Comments: 1

We’re working on adding more features like session management, WebAuthn, OAuth support, QR codes, and more in the coming months. Our docs and guides make it really simple to set up authentication for a new app or add additional features to an existing app.

Here’s more on why we’re building Stytch: https://stytch.com/blog/why-stytch/?utm_source=social&utm_me... Sign up today and try it out: https://stytch.com/?utm_source=social&utm_medium=hackernews&...

Would love any feedback and questions!