Us vs Frontegg #191

Open
16 of 44 tasks
jscyo opened this issue Jan 5, 2022 · 1 comment

jscyo commented Jan 5, 2022

Questions:

  • Can you easily add a custom social provider?
  • How well do they support various platforms and SDKs?
  • How can we go about customising the UI? From colours to full customisation
  • How do we do things like handle sign up success?
  • Social account consolidation?
  • Can sessions be used with httpOnly cookies?
  • Setting up for the two use cases of multi tenancy?
  • If one needs to do something like paginating across all users in the app in their API, how can they do that?
  • If someone wants to tweak the sign up / sign in APIs, how can they do that?
  • How would adding custom sign up fields work?
  • How would adding custom sign up validators work?
  • Describe the dev setup experience (how many steps and what are they + time overall)
  • How do you go about sending emails yourself if you want to?
  • How to go about customising the email design and or the sender's domain?
  • How to implement sign out functionality?
  • How to implement revoking a user's session functionality?
  • What if you want to embed the sign up / in page into your website UI (As opposed to opening a new tab..). Is that possible?
  • What are features that they provide that we don't?
  • Will their solution work with serverless env like in nextjs or netlify?
  • Email verification with Social providers, how does it work
  • Changing Email for social provider, how it works
  • if you want to add a password strength meter to registration, how does it work
  • For social account consolidation, how does changing the email work.
  • Multi tenancy, properly how it works, redirection works with the frontend
  • RBAC, check properly, how to get the role of the user within the API for custom logic for both frontend and backend.
  • Documentation review
  • Changing password validation(or some similar feature) for sign up does this get propagated to other places(Signin, password reset)
  • what are the supported databases
  • Is there a mechanism for protecting routes (similar to the supertokens auth wrapper). How easy is it to protect multiple pages and what does the code look like?
  • If a session expires is there a pop-up? does the user have to handle it?
  • mobile implementation, iOS and Android
  • Email is not verified but password reset is done, does that verify email?
  • implementation with ssr
  • Migration to and away
  • API customisability
  • sharing session across sub domains
  • Can you make the provider's frontend talk to your API instead of theirs? And then your APIs talk to their API.
  • How to disallow sign up and only have sign in?
  • Is it dev friendly?
  • Anything about monetization and model?
  • Would it be used by startups / developers or by mid stage companies / upmarket customers
  • How does their session management work?
  • Does it provide Email OTP as a feature?
  • Can a user be re-authenticated when visiting a protected route?

jscyo self-assigned this Jan 5, 2022

jscyo commented Jan 17, 2022

Setup:

Frontend:

  1. Create an account on Frontegg
  2. No-code builder for frontend UI, ability to choose authentication method (password/passwordless), social provider customizations.
  3. They allow you to choose between hosted and embedded login
  4. React setup involves wrapping your app's root component with a wrapper their library provides.
  5. Provides hooks for retrieving user context.
  6. It adds a login and logout route

Can you easily add a custom social provider?

They don't seem to allow you to add custom providers. They currently only support Google, GitHub, Microsoft and Facebook, with support for GitLab and LinkedIn coming later.
Their social login docs can be found here

How well do they support various platforms and SDKs?

Frontend:
They have support for React, Angular, Vue and vanilla JavaScript.
Backend:
They support Node, Python, .NET and PHP.
Their supported frameworks page can be found here

How can we go about customising the UI? From colours to full customisation

  • Their UI can be customized from their dashboard.
  • The customization options available through their dashboard are very powerful; the CSS properties of most elements in their UI can be changed from here
  • Their customization options include:
    • a choice between 4 themes (3 light, 1 dark)
    • The ability to change the CSS attributes of all elements (including hover state, active etc...)
  • These customizations can also be done programmatically through their frontend SDK

What if you want to embed the sign up / in page into your website UI (As opposed to opening a new tab..). Is that possible?

  • Frontegg gives you the option out of the box if you would like to choose between embedded and hosted login
  • more info can be found here

How do you go about sending emails yourself if you want to?

  • They don't allow you to use another service for sending emails. You have to use their own

How to go about customizing the email design and/or the sender's domain?

  • They allow for complete customization of the email template, sender domain, name and subject

what are the supported databases

  • They don't have custom database support

Anything about monetization and model?

  • In their free version you can have up to 5 organizations(tenants) authenticating each month with the following features
    • Login box
    • Social Sign-in
    • Passwordless Authentication
    • Admin Portal
    • Profile Management
    • User invitations
    • Roles and permissions
    • Account Settings
    • User notifications
  • Their paid version allows for 25 organizations each month at $250/month (extra $10/month per additional organization)
    • Everything in Starter plan, plus
    • Multi-Factor Authentication
    • Enterprise SSO ($50 / org / month)
    • Granular Security Policies
    • Machine to Machine tokens
    • Customer facing Audit Logs
    • Granular roles
    • Custom domain

Is it dev friendly?

  • They have some really convenient features like they handle email sending and UI customization is very good.
  • They don't have API customizability. They provide hooks which you can use to trigger some of your own flows, but you can't change the logic of an auth flow/API

API customisability

  • No built-in API customisability. They provide some hooks which can trigger your own workflows at certain events (User authenticated, User created etc...) but you can't change the logic of the flow

How would adding custom sign up fields work?

  • They don't allow you to add additional fields

How would adding custom sign up validators work?

  • You can only choose between 3 sets of password complexity (size of password/alphanumeric etc..)

Changing password validation(or some similar feature) for sign up does this get propagated to other places(Signin, password reset)

  • Not applicable since they don't allow you to have custom validation

How to disallow sign up and only have sign in?

  • They have a toggle on the dashboard which disables signin

What are features that they provide that we don't?

  • Multi-tenancy
  • UI customization through dashboard
  • MFA
  • Authorization with RBAC
  • SSO

Will their solution work with serverless env like in nextjs or netlify?

They have a nextjs library but their docs don't have guides specifying setup with nextjs or nestjs

if you want to add a password strength meter to registration, how does it work

The option to add custom elements to the UI is not available

How to handle user meta data?

  • On speaking to support, they confirmed that there was no built-in way to add additional form fields. They said that it's possible to add custom HTML to the footer or header of their form, so it could be possible that way. On asking about user metadata, their response was: "yes, when updating the user you can edit the metadata field however you see fit (either by API or on the frontegg portal). the metadata is returned on the JWT after authentication so you should always have access to it". Have to test it in app to properly check how this solution works.
