Hacker News

goalieca yesterday at 9:23 PM

Auth is a pretty classic case where it’s not hard to make your own account create/login form but it’s really hard to make a good one that does all the “right things”.


Replies

whstl today at 7:47 AM

I'd say it's relatively easy to make one that “does the right while also the wrong things”. By wrong things I mean things that make it complicated enough to turn it insecure.

The advantage of third-party tools is that it's hard to get new features in there, so they retain their simplicity. You don't get some rando C-Level or IT guy demanding new auth features to make it messy.

ajayvk yesterday at 11:07 PM

Authentication and authorization are important requirements for internal tools. Low-code platforms support authn/authz for app access. Building internal tools with code is much easier now with GenAI, but ensuring proper RBAC access controls remains a challenge.

I have been building https://github.com/openrundev/openrun to try and solve internal tooling deployment challenges. OpenRun provides a declarative deployment platform which supports RBAC access controls and auditing. OpenRun integrates with OIDC and SAML, giving your code-based apps authn/authz features like low-code platforms.

zackliscio yesterday at 9:58 PM

This is a good example, but the build vs buy decision in this case also includes viable open source options, which become even more attractive when LLMs reduce the implementation + maintenance barriers.