In-app integrated authentication solutions vs Authentication as a Service
Standard IdP solution
In-app authentication (aka Identity) solutions are part of the “main” application monolith. Authentication as a Service, on the other hand, is a separate application. Where in-app authentication solutions don’t follow the standards to the letter and are not certified for protocols like OpenID Connect or OAuth2, the AaaS solution we use as our foundation is the open-source project ID4, which is OpenID Connect certified.
Where non-standard solutions use custom user stores that are hard to migrate, we implement standard ASP.NET Core Identity user stores that are easy to extend and migrate.
Small attack surface
Another thing I want to talk about is the attack surface. In-app authentication solutions have a huge attack surface: every endpoint of the “main” application, including the ones that have nothing to do with authentication, is bundled into the same application as the authentication endpoints. That is a huge playground for bad guys on the application layer. On the database layer, there is no need for the “main” application to have direct access to the Identity database, and there is no need for an authentication solution to access any database other than the Identity database. The Authentication as a Service solution we implement has a small attack surface: a minimal number of endpoints in the application layer and a single database in the database layer.
Easy to scale-out
We know that separating your authentication solution from your “main” application is the best thing you can do to escape the in-app authentication scaling issues. You can scale up, scale out, or put it in a Docker container. With in-app authentication solutions, it is hard to scale out. It doesn’t make any sense to run multiple copies of a huge “main” application in parallel just to get more authentication endpoints available for use. That is just insane and costs too much. You can scale up, but that has a limit and a cost too.
How about creating failovers for Authentication endpoints to make sure that your users can authenticate and use your applications?
When we boil it all down, our solution is an ASP.NET Core web application running a certified OpenID Connect Identity solution on an open-source stack. Of course, we add the necessary love and care to make it fit like a glove with all your applications.
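The separation described above, as an added example that is not part of the original post and not the vendor's own code: the “main” application configured as a plain ASP.NET Core resource API that trusts a separate OpenID Connect authority. It holds no Identity database and no user store; it only validates tokens issued by the authentication service. The authority URL https://auth.example.test, the audience orders-api and the scope orders.read are assumed values, and the example assumes the Microsoft.AspNetCore.Authentication.JwtBearer package is referenced.

```csharp
// Added example (not the post's or the vendor's code). The "main" application
// as a resource API: it trusts the separate authentication service and keeps
// no Identity database of its own. Assumed values: authority
// https://auth.example.test, audience "orders-api", scope "orders.read".
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Deliberately no connection string to the Identity database here: the main
// application never reads credentials or password hashes (see "Small attack
// surface"). Its only data store would be its own business database.

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Discovery document and signing keys are fetched from the authority's
        // metadata endpoint; the resource API itself never issues tokens.
        options.Authority = "https://auth.example.test";
        options.Audience = "orders-api";
        options.RequireHttpsMetadata = true;
        // Keep JWT claim names ("sub", "scope") instead of mapping them to
        // legacy .NET claim types, so the policy below can read them directly.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    });

builder.Services.AddAuthorization(options =>
{
    // The token must carry the "orders.read" scope. Scopes may arrive as one
    // space-separated claim or as several "scope" claims; handle both.
    options.AddPolicy("OrdersRead", policy =>
        policy.RequireAuthenticatedUser()
              .RequireAssertion(ctx => ctx.User.FindAll("scope")
                    .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
                    .Contains("orders.read")));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Unauthenticated health probe; every business endpoint requires a valid
// token from the authentication service.
app.MapGet("/health", () => Results.Ok("ok"));

app.MapGet("/orders", (ClaimsPrincipal user) =>
    {
        // "sub" identifies the user; the API never sees a password.
        var subject = user.FindFirst("sub")?.Value ?? "(unknown)";
        return Results.Ok(new { subject, orders = Array.Empty<object>() });
    })
    .RequireAuthorization("OrdersRead");

app.Run();
```

A request to /orders without a bearer token is rejected with 401 by the JwtBearer handler before the endpoint runs, and a token with the wrong audience, an expired lifetime or a signature the authority's published keys cannot verify is rejected the same way; a valid token that lacks the orders.read scope gets 403 from the policy. The point of the configuration is that the main application's authentication-related attack surface is reduced to token validation against published metadata, with no user store to protect.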