anyone here migrated from auth0 to descope? how did you approach it?
Posted by Tr0jAn14@reddit | ExperiencedDevs | 9 comments
auth0 pricing + limits are starting to feel a bit restrictive for us, so exploring descope but migration looks non-trivial, especially around users + auth flows. I'm kinda curious if anyone here has actually done it:
1/ how did you handle user migration? (passwords, forced resets, etc)
2/ did you rebuild flows from scratch or map them over?
3/ any issues with sessions / tokens during the switch?
4/ how was descope’s sdk + docs in practice?
ALSO BRANDS DON'T PLUG UR TOOLS AS ALTERNATIVES.
Individual-Brief1116@reddit
auth0 pricing is just brutal
Big_Bed_7240@reddit
Here’s how I did it with zero downtime:
Request passwords from auth0. Needs a written sign-off from VP or higher.
Import into new auth provider right before you plan to start the migration. There will be some password drift here but you are aiming for good enough here, not full coverage. Let users know that you are migrating and that they might need to reset their passwords.
Set up your new auth provider as an external IdP in auth0.
Use HDR with Identifier First to enable your IdP dynamically based on domain.
Roll out internally first based on your domain. Then slowly start to roll out for your customers.
Once at 100%, swap over to new auth provider.
Good luck!
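The password drift mentioned in the steps above can be measured before cutover by comparing the imported snapshot with the old provider's current state. This is an added example, not code from the thread or from either vendor; the record layout and the field names `user_id` and `last_password_reset` are assumptions about the export, and the sample records are constructed.

```python
from datetime import datetime

def parse_ts(value):
    """Parse an ISO-8601 timestamp; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_password_drift(exported, current, export_time):
    """Compare the snapshot that was imported with the old provider's state now.

    Field names (user_id, last_password_reset) are assumptions about the export.
    """
    cutoff = parse_ts(export_time)
    exported_ids = {u["user_id"] for u in exported}
    current_ids = {u["user_id"] for u in current}
    stale = []
    for user in current:
        changed = user.get("last_password_reset")
        if user["user_id"] in exported_ids and changed and parse_ts(changed) > cutoff:
            stale.append(user["user_id"])
    return {
        # Signed up after the export: no account in the new provider yet.
        "missing_from_import": sorted(current_ids - exported_ids),
        # Password changed after the export: the imported hash is the OLD password.
        "stale_hash": sorted(stale),
        # Deleted after the export: still has a usable credential in the new provider.
        "deleted_since_export": sorted(exported_ids - current_ids),
    }

# Constructed sample data, not real accounts.
EXPORT_TIME = "2024-05-01T00:00:00Z"
EXPORTED = [
    {"user_id": "u1", "last_password_reset": "2024-01-10T08:00:00Z"},
    {"user_id": "u2"},
    {"user_id": "u3"},
    {"user_id": "u4", "last_password_reset": "2024-04-30T23:59:59Z"},
]
CURRENT = [
    {"user_id": "u1", "last_password_reset": "2024-05-03T09:30:00Z"},  # reset after export
    {"user_id": "u2"},                                                 # unchanged
    {"user_id": "u4", "last_password_reset": "2024-04-30T23:59:59Z"},  # reset before export
    {"user_id": "u5"},                                                 # new signup
]

if __name__ == "__main__":
    for bucket, ids in find_password_drift(EXPORTED, CURRENT, EXPORT_TIME).items():
        print(f"{bucket}: {ids}")
```

The `stale_hash` and `deleted_since_export` buckets are the accounts where an old credential would still be accepted by the new provider, so those get a forced reset or removal before the swap.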
Capable-Morning-9518@reddit
yeah I know this
03263@reddit
lol I recommended using auth0 when they wanted SSO. No, too expensive. Implemented our own IDP.
crap-with-feet@reddit
Unless you’re using a well-maintained library or product for the OAuth2/OIDC layer, and you’re not an author for any of the relevant RFCs, I guarantee your implementation is crap.
Source: 2 decades in the Identity space
03263@reddit
We used this https://simplesamlphp.org/
Pretty dated looking code but it has been around for a while and gotten many security fixes so it's probably alright
hurley_chisholm@reddit
It’s legitimately tough out here for us with cash-strapped orgs with a high need for sophisticated IdP + IdV and understaffed teams. I don’t get to choose my customers either since I’m in public sector. I have to make sure my tech-challenged folks with limited internet access can prove their identity (almost) as easily as a hyper-connected person with a mobileDL.
I’ve seen how hard it is to roll your own and the challenges of properly integrating a vendor. I’m not sure where to go right now given that auth0 meets the requirements but is too expensive for our needs. Id.me has questionable business and data handling practices and login.gov has been starved into stasis.
I’m not looking for answers or sympathy. Just noting that even when you want to do it right, sometimes it seems impossible.
venktesh@reddit
emmmm OKTA /s
PrydwenParkingOnly@reddit
How popular did you think your question was going to get? :D
I’m curious what limits are you encountering, besides pricing?