OpenID enables Stytch passwordless authentication with Gluu Casa

Stytch is a developer-friendly authentication SaaS that makes it easy to use passwordless technologies to protect your applications.  At Gluu, we test a lot of authentication APIs. Stytch stands out in its ease of use. Seconds after you sign-up, you have client credentials and can start writing code to call their API. 

Initially, we wrote a Gluu Server authentication script to call their SMS OTP solution. Check the demo video here. Then in record time, we also built a Casa plugin to enable end-users to self-service manage their Stytch account, including a way to enroll, view, and delete devices. 

Check out the code in our Github docs. 

While it’s easy to call the Stytch API, it doesn’t mean you want to hard code web applications to do so.  It’s best practice to avoid tightly bundling authentication into your web application–whether it’s a call to a commercial API, or a database call to verify credentials.

For web applications and many mobile applications, you should consider using open standards for digital identity, like OpenID Connect or SAML.  In doing so, your organization can mix and match authentication solutions, implement adaptive authentication, enhance fraud detection techniques, and tailor security to protect systems according to their risk. 

Net-net… keep your Stytch API code in the Gluu interception scripts. If you are an enterprise, this will enable you to upgrade all your applications in one place.

Stytch is innovating the features in its platform rapidly.  Social login with Google and Microsoft is coming next.  Based on what they’ve done so far, they will make these new features easy to use, and well documented. The sign of a great product is when you don’t need support–everything just works. That was our experience so far with Stytch.  

To find out more about how to offer self-service management of multi-factor authentication technologies, visit Gluu Casa.