authentication and authorisation can go fuck itself
why are there so little decent documentation on how to build an IDP
or implement OAuth2.0
dammit
maybe it’s just ASP.NET core and blazor
but fuck this

Blazor *is* a pile of shit, to be sure.

Take a look at Identity Server. It's not great, but it's there.

@SortOfTested was on identity server
worked out pretty well till i found out that they’re going paid so ditched it and went to openiddict

but even openiddict documentation is kinda outdated

@SortOfTested blazor was definitely shitter than i thought it would be
but i’m trying to find something more interesting than ts with react
do you have any suggestions?

@qinguan
I'm partial to angular, since it provides a familiar experience paradigmatically for .net devs. But if you're not super up on TS, might want to start small with react or similar.

@SortOfTested nah, i did react for quite a while and it’s been getting abit plain, so i wanna find more interesting things

blazor was interesting because csharp and spa compared to mvc

im kind of avoiding using js/ts now so i can learn some other languages

would’ve used rust if their front end web support was better lol

@qinguan
F# and fable is fun, but a bit more fiddly

.Net core?

@zemaitis hmm?

@qinguan https://youtu.be/nyUD-CeBSiE

@zemaitis yeah, i’ve been on identity server but want to move onto openiddict since they’re stopping support after 2021 iirc

OAuth2 is also a piece of crap.

@Root understanding is on one level, implementing it is on another level that i have yet to figure out

@Root but yes it’s annoying as fuck

@Root what do you suggest then?

Curious if you've tried authentication services like Auth0, AWS's Cognito, Octa, etc.?
I would trust their services more than something I've built myself

@zemaitis Honestly? Not using a cloud ID provider at all, or rolling your own if you actually need it. They aren’t terribly complicated, though they are annoying to implement.

But the upsides? Less tracking, less dependencies, less over-engineered mess, less headache. What’s the downside? users can’t sign in with google or facebook? Oh darn.

@Root I cant imagine running modern apps with no social logins

@zemaitis ah, discord

@dan-pud yeah, but i wanted to see how to build one so... what have i gotten myself into
also, less reliance on other providers

You shouldn't try to implement unless It's for learning imo. It's better to spin up an instance of KeyCloak or similar service on the Backend and just use it as a resource server to get identify, authenticate and authorize.

Then for frontend you can surely find npm packages that handle it for your platform

Been trying to work with OAuth2 but it's pretty retarded as well...

It's only half a standard basically...

300 endpoints you need to keep track of for each provider...

Then the entire grants system is a pain to work with as well...

Take a look at FusionAuth, it's free and self hosted http://fusionauth.io/

I use simple jwt or cookie based authentication and policies for authorization without touching identity server(which I despite).
What's so difficult about that?

@h4xx3r maybe next time go and post in 2010 rant?