A Deep Dive into Mobile SDKs for App Native Authentication: A Competitor Analysis
Asgardeo Android Core Auth Direct SDK Development Journey — Episode 1
In today’s user-centric world, providing a user-friendly authentication experience is essential for organisations. While browser-based authentication is commonly used for its security and reliability, it can lead to suboptimal user experiences when accessed via mobile devices. To address this issue, identity providers offer various methods to support app-native authentication.
Asgardeo recently introduced a new feature to support native app authentication through our own API-based authentication. My task was to develop an Android SDK for this feature. In this article series, I will share my development journey.
In today’s episode of this development journey, let’s explore the competitor analysis phase of this journey. We did this analysis to understand how to structure our SDKs. Specifically, we aimed to determine whether we should focus on native technologies or jump directly into the development of cross-platform SDKs. Additionally, we considered how we can best store these SDKs.
Competitors
In this competitor I conducted analysis of the following competitors on their approach for app native authentication, and how they have developed their mobile SDKs to support app native authentication.
- Supabase
- Amplify
- Auth0
- Frontegg
- Rownd
- Firebase
- Curity
- Asgardeo
Supabase
Technologies Supported:
Available as:
- Authentication UI kit.
- Core functionality SDK for Flutter and React Native (using the js core that is used for React).
Theming:
- Customisable with plain Flutter components.
Repository Management:
- Separate management for core SDK and auth UI.
Amplify
Technologies Supported:
Available as:
- Authentication UI kit.
- Core functionality SDK (Developer has to manually call them).
Theming:
- For the UI kit, we can directly change them by creating a custom theme.
Repository Management:
- Separate management for main SDK and auth UI
Auth0
Technologies Supported:
Available as:
- Core functionality SDK (Developer has to manually call them). Does not support app native authentication, still uses a browser redirect.
Theming:
- Since the authentication happens through a browser no internal theming is provided.
Repository Management:
- Separate management for each SDK.
Frontegg
Technologies Supported:
Available as:
- Core functionality SDK (Developer has to manually call them). Does not support app native authentication, still uses a browser redirect.
Theming:
- Since the authentication happens through a browser no internal theming is provided.
Repository Management:
- Separate management for each SDK.
Rownd
Technologies Supported:
Available as:
- Core functionality SDK (Developer has to manually call them). Opens the Rownd sign-in dialog for authentication. Does not support app native authentication, still uses a browser redirect.
Theming:
- While most customizations are handled via the Rownd dashboard, there are a few things that have to be customized directly in the SDK.
Repository Management:
- Separate management for each SDK.
Firebase
Technologies Supported:
Available as:
- Have a separate UI library that the developer can easily get started with.
- Have a different SDK which only exposes the core functionalities (Developer has to manually call them).
Theming:
- Limited customisation on the prebuilt UI SDK, but the FirebaseUI is open source, the developer can fork the project and customise it exactly to their needs.
Provide these UI components from the UI SDK
Repository Management:
- They manage their core authentication SDK and ui-kit SDK separately and ui-kit uses the core authentication SDK to inject the authentication logic to the ui-kit SDK.
Asgardeo
Technologies Supported:
- Android (Depereacted SDK)
Available as:
- Core functionality SDK (Developer has to manually call them). Opens the in app browser for authentication. Does not support app native authentication, uses a browser redirect.
Theming:
- All customisations are handled via the Asgardo console, no customisation is supported from the SDK.
Implementation Details
- Have used the App-Auth library.
Learnings from the Analysis
- Despite the modern trend favouring cross-platform technologies like Flutter and React Native, most identity providers have focused on native technologies (Android and iOS) when developing their SDKs. Therefore, it’s sensible for us to prioritize native technologies in the development of our new SDKs.
- Many competitors have developed two separate SDKs for each platform, with one focusing on core functionality and the other serving as a UI kit built on top of the core SDKs. However, organizations opting for app-native authentication are unlikely to use a UI kit, as they would prefer to develop their own UIs using a core SDK. Hence, while providing a UI kit is beneficial, it should not be the priority; instead, the focus should be on developing a robust core SDK to cater to a wider audience.
- In terms of repository management, most competitors have chosen to manage each of their SDKs separately. However, this approach has drawbacks, as making changes to one SDK requires updating each separate repository, leading to increased build times and effort. To streamline the development process, we have opted for a monolithic approach, storing all SDKs in one repository. While distributing each SDK separately may require additional effort, this can be managed by implementing separate GitHub actions for each technology.
Conclusion:
This competitor analysis has provided valuable insights that were previously overlooked in the development process. In the next episode of our development journey, we will explore how to incorporate these learnings into action.
Disclaimer
These findings were compiled in April 2024 and may have changed by the time you read this article. Additionally, there is a possibility that we may have overlooked some details in this competitor analysis. If so, please feel free to provide feedback so that others can benefit from it.
Furthermore, while every effort has been made to ensure the accuracy and reliability of the information provided, the author cannot be held responsible for any negative consequences or outcomes that may result from the use of this data. Users are advised to conduct their own research and verification before making any business decisions based on the information presented here.
Asgardeo Android Core Auth Direct SDK Development Journey Episodes
Episode 1: A Deep Dive into Mobile SDKs for App Native Authentication: A Competitor Analysis
Episode 2 : Building Blocks: Learnings from the Competitor Analysis
Episode 3: Architecture: Asgardeo Android Core Auth Direct SDK for App Native Authentication
