(no title)
nextweek2 | 1 year ago
I am starting up my own business, I have spent some time evaluating AuthKit and I can't justify investing time on it. Specifically, I want to target small to medium sized companies that want SSO built into my services.
The fact that the auth would be at an *.authkit.app domain is disconcerting, users would think they have been click-jacked because they have left the domain they were expecting. Your comment about custom domains costing because of Cloudflare is strange given how much CF charge verses the $99 per month cost you charge, there seems to be a big order of magnitude difference, since under the Pro plan they charge 10c per additional domain. Perhaps you have additional services behind that, but it seems strange: https://www.cloudflare.com/en-gb/plans/ The "Powered By x" would actually be preferable, many people are used to seeing thing like that on payment screens.
Also, the SSO connectors being $125 per month per connection, rules out my target market. That is a lot in my market and it doesn't ease off as I grow, it's a fixed base cost. As I grow to 20-30 customers I'd be better off hiring a developer to implement the same features.
I get it that I am not the target market; that big businesses wouldn't bat an eyelid at that kind of costs. But for my purposes, I can't justify your costs. Good luck to you.
grinich|1 year ago
If you have the time and patience, you can also certainly build it yourself. There's no miracles here, just complex engineering and solving a thousand edge cases.
If you decide to use open source, make sure you quickly update dependencies so you're always running latest. Ruby-SAML had a major vulnerability disclosed last month and thousands of apps were affected: https://workos.com/blog/ruby-saml-cve-2024-45409