-
Notifications
You must be signed in to change notification settings - Fork 268
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request: Plug and Play template #75
Comments
We used to have this (like ~5 years ago) using the ASP.NET Identity template as the base, but with every new version and all the changes made maintenance very difficult, so we stopped. But maybe with the ASP.NET Identity UI now packaged in their NuGet, this might be more manageable -- not sure. We might still need to override a page or two, though. |
If it helps, I personally wouldn't care about continuity with their template. Even if you had your own implementation, as long as I'd be able to get a plug and play, smart default solution cloned down and up and running quickly, that would be the bigger concern for me. |
Personally, I'd not really feel comfortable using the ASP.NET Identity template out of the box in prod -- I think there are too many things that don't work right. And so then that's not something we would provide -- doing a proper, production ready ASP.NET Identity project would be way more of an investment, and potential liability that's beyond what our core product is meant to focus on. |
Yeah this is one of the big roots of the issue. Getting something up an running takes a ton of work so it's a harder sell to leadership. Even from the dev side feels like reinventing the wheel instead of focusing on the specific business IP that brings value to the company.
Yeah, this is a different issue all together, but I wanted to at least throw this out there for consideration as it's a big barrier to entry and downside vs some others (e.g. keycloak) which does provide a lot out of the box. |
And that is not our product, so we won't be doing that anytime soon. There are lots of consulting organizations that have done their own work in this area and then sell their version of this as a package with support and their backing. Re: keycloak -- I don't know exactly what it does, but it's a "canned" thing, and that's pretty much the antithesis of what our design is all about. You get to code all of that stuff to work exactly the way you want with IdentityServer. So that's the tension here. |
Fair. I more meant that it's part of the equation to a functioning system that we would need to go live, but your point stands about being able to add an existing paid product. I could see that as a downside to some vs something that's included with what we'd already be paying for with duende, but it won't be an issue for everyone.
Yup, agreed, but if we had a canned base that we could easily customize that would be the best of both worlds and a huge differentiator for duende in the entire space. |
Following up on this thread -- are you looking for something developer focused, or production ready? Ah, looking above, you are looking for production it seems. The closest thing I have for you is that Rock Solid Knowledge has something like this, so perhaps that gives you want you want? https://www.identityserver.com/articles/getting-started-with-sso |
any feedback on that? |
Sorry I missed the notifications on these. Will need to deep dive it, but looks potentially solid. With that said, having something directly through your team and the actual product would be preferable for many I would think. Would also be an easier sell to leadership teams for a quick ramp up with a Duende system. |
Got to look at it a bit tonight. As far as I can tell, the product you linked is more like keycloak, which is fine but not quite what I meant with the OP. What I am getting at with this is to have a more robust template that gives us smart Duende Auth Server defaults with enough meat to actually go into prod quickly vs spending weeks or months building it manually. Again, I know it won't have everything but having the most common workflows on a template that we can quickly clone down and use as is or customize it to our needs, it would speed teams along immensely and be a big differentiator in the space. |
Could you compile a list what this template should have out of the box? |
Oh - and how you envision customization - and what do you think needs to be customized? |
You guys have done more prod implementations across orgs than me and would know better, but here's my initial brain dump on what I might want to be able to go live with day 1. If I think of anything else I'll try to come back and update this. Happy to answer an questions. FeaturesHere's a general list of features I'd expect, probably with some gaps I'm forgetting. I'd think these are in Razor or Blazor (Blazor might be best, see customization comment below). Theoretically they're even backed by api endpoints so teams could do something like a SPA UI but still leverage all the heavy backend flows needed, but I know that probably increases the lift substantially and wouldn't be needed for an MVP. You guys have parts of these already, but I want to try to put together a complete list. Account
I'd also guess that having CIBA and maybe device support would be useful for many, but I just haven't had to deal with that myself on projects so I don't know how common that is across the community. AdministrationI'd think in practice most teams would want to have a database based config, but maybe code based would be fine here? Regardless, having some supporting UI around config and managing as much of it as we're able to would be really useful.
DX
StretchI don't think these should block an MVP, but would be nice at some point
Customization Options
ExamplesI started trying to make one myself, much of it leveraging stuff from here or here, but there were still lots of gaps and it was too big of a lift for me to do on my own as I was out of my depth in a few areas. |
👋 guys just thought of this again. made a couple minor tweaks to the above, but think it mostly still holds. hopefully this is still in the cards at some point. as always happy to answer any questions |
hey i am just now coming in here .... way back i used identity server at one time. now i am in a new project and need to setup a new one. i think i have almost caught up on things and i do have one thing to add in here: so i have been using the "quickstart" and the first parts i found helpful. let the user set the data storage before creating the migration and the database. |
also unless i am mistaken the quickstart pulled in an old reference to v4 no i think that was me.... i may have by mistake pulled in the old stuff..... |
FWIW for me, I'd definitely prefer something without identity to start and maybe there's an extension of it down the road that includes it if there's enough ask. It would just add a lot more work and delay and complexity to something that's already a massive lift. And personally, I have no interest in maintaining identity info directly. |
Ah and herein lies part of the complexity :) Everyone needs/wants something different based on different assumptions and requirements, and given that we're a framework we can be utilized in a variety of ways. Of course, I think that's well understood. In any event, we have kept this issue open because it is still something we'd like to do something about as we have cycles available for it. Thanks! |
@brockallen and @pdevito3 in my case i need "something" to hold the user login info and it needs to be not Microsoft/google etc.... |
That's exciting 🙂 |
Hmm, wasn't really thinking before but yeah an inherent part of this is user management, so theoretically identity actually saves some time? So I guess up to the team on whatever's easiest I'd be open to. If that means having identity help with the heavy lifting then that's cool. Sorry hadn't really thought this all the way through when I commented earlier lol Regardless, yeah this is definitely a hard problem and everyone will have different thoughts, but at least having some kind of functional prof ready base to work from would be a major differentiator for y'all |
also i have a limited time, if i am not able to make this work i have to use other means.... there are also other id packages like auth0 but i am not sure what that costs ..... will have to check on options while i try to get a working proof of concept here.... |
i am reading the documentation for how to use the dotnet ef tool. i think i will get this working but it might be worth updating the quickstarts slightly. just give new users an option for if you want to put the data in one database that is not sql lite then do this.... just helps for the folks who want to just get a very basic system working with a database and not in memory data. yes we can figure it out .... but if the new developer is not familiar with how all the dotnet ef tools work it will help get started. |
What would you guys think of putting together a more detailed auth server template? Something we could essentially clone down, add some env variables, change some branding, and safely deploy something to prod. The ones you have are good starts, but still require a lot of time to set up for practical use vs something like keycloak.
Obviously there’s no one solution fits all, but getting together a ready to go common starter would go a long way. The less work it takes to get something up the easier it is for teams to bring it on and the easier it is to sell to leadership teams compared to more plug and play solutions.
The text was updated successfully, but these errors were encountered: