Contenda used FusionAuth instead of rolling their own auth stack and saved “a lot” of time
Tamás Deme is a FusionAuth community member and engineering lead at Contenda. Grady Salzman is a FusionAuth community member and software engineer at Contenda. They chatted with us over email about how they and their team are using FusionAuth to meet their auth needs.
This interview has been lightly edited for clarity and length.
Dan: Can you tell me a bit about Contenda? What is the company’s mission?
Tamás and Grady: Contenda is a content creation tool designed to enable anyone on a team to take any video, such as a conference talk, interview, or demo, and turn it into effective written content. It features an easy-to-use upload, transformation, and customization system, a powerful API to automate content production pipelines, and is built specifically for developer advocates.
Dan: What are some examples of features/functionality that are useful specifically for developer advocates?
Tamás and Grady: Our platform is capable of grabbing and re-formatting code-snippets from videos, and we made sure our editor uses and works well with Markdown, which is generally preferred by the dev advocate community.
Dan: What is the company’s mission?
Tamás and Grady: To democratize and increase quality written content creation for users & organizations.
[Auth is] a gigantic headache to do on your own; it’s easy to get suffocated in a sea of edge cases.
Dan: Tell me more about democratization. Can’t anyone write good content? (Thank you, Tim Berners-Lee!) What am I missing?
Tamás and Grady: We believe that creating technical content should be accessible to everyone, no matter their experience level. What’s “good” is not necessarily clear cut, as at minimum it starts a discussion and provides an understanding of everyone’s point of view, which can then facilitate learning and correcting any misconceptions.
When we talk about quality we think about how accurately we can represent the original content we process, and make sure we don’t make up things the original creator never intended to say.
Dan: Tell me about your work as engineers at Contenda.
Grady: I am the front end engineer, and I am responsible for building out our web app. For this integration, I did anything that wasn’t backend. This included implementing the FusionAuth themes and hooking FusionAuth up to our web app.
Tamás: My job as the engineering lead is to drive the architectural, infrastructure and backend efforts at the company, and generally help the other engineers grow as the company grows.
Specifically for this integration process, I’ve mostly done everything that wasn’t the frontend – starting with analyzing and choosing an auth provider, to performing the required database and backend changes, and handling the migration and support now that we’ve launched.
Dan: How do you use FusionAuth? OAuth? User management? Social sign-on? Something else?
Tamás and Grady: We use FusionAuth for almost all of our user management needs, except maybe for our workspace management. This includes doing authentication for our web app and our API. FusionAuth handles standard email/password sign ups and social sign ups as well.
Dan: For your API, are you using the client credentials grant, or a JWT from the authorization code grant or something else?
Tamás and Grady: Right now we’re using the Application Authentication Token feature/API to get JWTs, although we might change that up in the future.
We appreciate that FusionAuth doesn’t have any “trap-like” pricing practices that could bite us when we happen to approach an arbitrary number of users.
Dan: From a user management perspective, do you interact with the FusionAuth admin UI or the APIs plus a custom app?
Tamás and Grady: Yes, that’s mostly correct. Our own tools for our own backend aren’t as sophisticated just yet, but we’ll get there.
Dan: What problems did we solve for you?
Tamás: To sum up, all of auth. Unless you’re a major player (and sometimes even then), rolling your own auth stack is probably a bad idea, so we’ve always been planning on looking for a reliable 3rd party provider to handle all this for us. It’s a gigantic headache to do on your own; it’s easy to get suffocated in a sea of edge cases.
Dan: How were you solving them before FusionAuth?
Tamás and Grady: In the past we’ve used a very bare bones, API key only sign-up system we put together in under a week.
While it served us getting our first 1000 users, we definitely needed something more robust, secure and user-friendly to get to the next magnitude of users.
Dan: What did you use for the first system? Was it framework based, a library, or something else?
Tamás and Grady: It was a completely custom implementation, just the very basics really.
We could’ve spent months working on a complex system, and any FusionAuth employee could still say “Look what they need to mimic a fraction of our power” after that.
Dan: Why did you choose FusionAuth over the alternatives?
Tamás and Grady: After we eliminated all the options we had to rule out due to technical limitations, the two main reasons were cost and “friendliness”.
While the price itself is one thing, by “friendliness” I mean both support and the pricing strategies down the line. We appreciate that FusionAuth doesn’t have any “trap-like” pricing practices that could bite us when we happen to approach an arbitrary number of users.
Dan: What were some of the technical limitations you had that disqualified folks initially?
Tamás and Grady: It was mostly due to them not having react and/or python clients/SDKs.
Dan: I love the term “friendliness”. Are there any other software packages you use that feel like they win in that category (other than FusionAuth and Contenda, of course)?
Tamás and Grady: On our frontend, we use Netlify and Pendo, and I think we could put them in this bucket as well. Generally smaller companies tend to care more about their customers, so it’s not always the best idea to go with the biggest player out there.
Dan: How much time and money would you say FusionAuth has saved you?
Tamás: While I don’t think I can come up with an exact number for either of those, I can confidently say: a lot. We could’ve spent months working on a complex system, and any FusionAuth employee could still say “Look what they need to mimic a fraction of our power” after that.
[After building our own auth system in under a week] we definitely need something more robust, secure and user-friendly to get to the next magnitude of users.
Dan: How do you run FusionAuth (kubernetes, standalone server, behind a proxy, etc)?
Tamás and Grady: We don’t actually; you do!
This was also an important point for us: engineering-hours are always the limiting factor, so if we can find a provider that also handles the infrastructure for us, that’s fewer hours we waste on managing something we don’t have to.
Dan: Any general feedback/areas to improve?
Tamás: I’d love it if more things were “easy” on the “easy <-> possible” scale. FusionAuth is extremely customizable, which is great, and makes a lot of things possible.
But it’d be nice if the configuration interface would self-document itself more, and make a lot of the typical use-cases easy and simpler to do.
Also, as a fan of strong typing: adding type hints to the python client library would be tremendous.
Dan: Thanks for your feedback!
We love sharing community stories. You can check out Contenda’s website if you’d like to learn more about them.
*** This is a Security Bloggers Network syndicated blog from The FusionAuth Blog authored by The FusionAuth Blog. Read the original post at: https://fusionauth.io/blog/2023/07/17/contenda-saved-time-with-fusionauth