What are the rate limits of SSO providers when using the Kinde credentials?

What are the rate limits of SSO providers when using the Kinde credentials, for, let's say, e.g. Google? Because I feel like for small apps I could just use Kinde's OAuth credentials instead of setting up my own, no?
6 Replies
dachsteinhustler
Thanks, I also asked the AI already: https://discord.com/channels/1070212618549219328/1295390833557639169/1295390909751627786 It doesn't answer the question what are the rate limits though.
Claire_Kinde 3d ago
Hi @dachsteinhustler I can look into updating the docs with this info. However, we don't encourage the use of Kinde credentials - regardless of limits. Is there an issue with setting up the apps in Google, etc.?
dachsteinhustler
It's just more work to set up the different apps and get them verified, and my colleague wanted to skip this step. But sure, if you all say it's important we'll do it. Why is it not encouraged though? Because the docs and here people say "it's not advised", but what's the reason actually (I'm not the best with OAuth best practices yet)?
Claire_Kinde 3d ago
Here's a couple of reasons, let me know if you need more:
- If you use our credentials and then decide to move to another auth provider, all your users will be forced to re-authenticate, disrupting their experience.
- If we, Kinde, decide to change a config for one of the SSOs, rotate keys, etc., it could break your app.
- It is a poor security practice to rely on credentials that are not yours.
ev_kinde 3d ago
@dachsteinhustler it's better when you create the applications you own, for multiple reasons:
- In case the Kinde-provided application stops working for some reason (banned by the provider, for example), your users will not be able to authenticate until we fix it on Kinde's side. With your own application, not only is the risk of this happening smaller, you are also in full control of any visual customizations the provider gives you. One of those, for Google for example: you'll see your application's logo and the domain instead of kinde.com.
- Another reason, for Apple for example: if you use the Kinde-provided application, you wouldn't be able to migrate users from the Kinde app to your app, as Apple just doesn't provide this as an option for the subset of users.

Rate limiting doesn't change depending on whether it's your application or Kinde provided it; the only change is the risk that you are decreasing by creating your own apps.
dachsteinhustler
Great, thank you guys for the in-depth explanations and examples!