To help the team contextualize why it is hard outside of the domain itself being hard, it would be great to see some code samples. Samples from other frameworks that are runnable. Most of these threads conflate everything under the auth banner and require 20 questions understand
the problem. It’s fine to rant but we want to make real improvements. After the rant please show the code. We need to understand the scenario, the exact scenario. Sharing code leaves less room for ambiguity.
As an example, in this thread, SPA could be an application where the front end is hosted by asp.net core or one where there’s 2 servers, the front end server and backend server. Those could be on the same domains or different domains.
There might be reasons why that’s the case but “auth is hard on .NET but is easier elsewhere” doesn’t help when there are no specifics. I have a hard time parsing the feedback because it’s hard to get clarity on what the *exact* scenario and requirements are.
We love the rants but we (the community) can be better about coming together and solving hard problems. Many of the engineers on this thread have solved many auth scenarios in their day jobs. We should be able to have the broader community benefit from that experience.
More docs , more samples, more features (potentially). I’m hoping to see more of this happen organically in the ecosystem.
To be clear, my rant isn’t denying that it’s hard, I just don’t know *what exactly* is hard and why it’s hard. I know we need “better docs”, but we don’t have specific enough feedback to make threads like these go away. I’d love to measure success by seeing the sentiment improve.
There’s no shame is taking long to understand this stuff, it’s complex. I still don’t understand all of it. I haven’t looked into the specifics of the OIDC protocol and all of the flows. That doesn’t make me think everything is terrible 😅 (maybe it is?).
. @dodyg we need an auth samples repo.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
