https://www.ory.sh/oauth2-openid-connect-do-you-ne...
# support-questions
n
https://www.ory.sh/oauth2-openid-connect-do-you-need-use-cases-examples/ Hello folks, I wanted to get the team's opinion on a criticism of SuperTokens in the above article. I am putting a screenshot of the relevant section for reference.
r
hey @NordicSaksham
thanks for pointing this out!
So we are not an OAuth 2.0 provider and should not be treated or used as an OAuth 2.0 provider; instead, we have our own protocol for session management. In this protocol, we use the terms access token and refresh token since that's what most accurately describes them. We are also not an OpenID client (since that's a protocol that's usually used on top of OAuth 2.0). However, we have a few parts of it, like exposing a JWKS URL. So in the realm of our session solution, it is a custom one, but that's because its use case is totally different than OAuth 2.0's use case (see https://supertokens.com/blog/oauth-2-vs-session-management). Finally, we do plan on becoming an OAuth 2.0 + OpenID provider. Once we have those, then we will be sticking to those standards. But since their use case is different than session management, we will continue to offer our custom session solution as well.
n
Thanks a lot for answering the question @rp !
b
Just wondering when this will start? I notice that being an OIDC provider is the second most voted item on the roadmap, second only to building a user management dashboard. I see that other less-voted items are being worked on also. When will OIDC provider work commence? Until this comes out, my best plan is to use Auth0 for my project and hope that you guys finish this before Auth0 becomes super expensive for the number of users. If this doesn't come out before then, we may have to use something like Keycloak to save us from the cost of Auth0.
r
Hey @Brian.Mc, this will be worked on sometime next quarter.