# multiplatform
r
This question has probably been asked before but I couldn't find the answer. Is there a good and widely used auth library for KMP (Google, email, phone) without depending on Firebase Auth? Or is it simply not worth the effort? I'd like to minimize my lock-in to vendors, and Firebase Auth would be a lock-in in the very basics of my app.
c
There's this library, which supports the common social login providers: https://github.com/mirzemehdi/KMPAuth
However, if you want full control over the auth flow or need to use a different provider, you might choose to use a generic OAuth provider like Auth0 or AWS Cognito, and build the authentication flow yourself. It's a bit tricky to wrap your head around all the terminology of OAuth, but once you do, it's actually surprisingly simple to build the authentication flow yourself. You'll build the "OAuth 2.0 Authorization Code with PKCE" flow, which involves little more than sending the user to the browser and handling redirects back to the app.
Combine that with the Ktor client Bearer Auth plugin, and you've got a secure and flexible authentication system for your app. https://ktor.io/docs/client-bearer-auth.html#step1
r
Yeah, I ran into that project but it does depend on Firebase Auth, doesn't it? I could do my own implementation but don't want to reinvent the wheel.
Maybe this one is without dependency upon Firebase Auth 🤔 https://gitlab.com/kotlin-multiplatform-mobile/auth
t
Just a nitpick on the metaphor - you aren’t reinventing the wheel, you’re building one to spec. Which is a good exercise every developer should go through at least once. IMO.
r
I decided to give this project a try and polish it a bit. It might be a good fit, although Firebase has nice features and UI. I'll make it public further down the road, just too cautious now to not publish any security tokens and shit 🫥
t
If you missed it in the feed, someone released a seemingly very comprehensive project for just that issue: https://kotlinlang.slack.com/archives/C0BJ0GTE2/p1755603977681409
r
I'm gonna give that a try. I know gitleaks and precommit hooks for private key scanning. I'll see what works, thank you! I'll publish whatever I improved on the project here: https://github.com/favorize-app/kmm-auth but it'll be very rough and AI driven for now, untested. Just work in progress. KMM core blocking for now as it's being marked as mobile only by AI, haven't had the time to look into it yet, tbd
It turned out the KMM core piece was not published anymore and was pretty deeply integrated. I'll give it a go and make it more standalone, but it may kinda rip apart the initial work 🫥
I'll finish most of the work and keep it public, but it doesn't really fit my architecture and style, so decided to start from scratch instead: https://github.com/favorize-app/multi-auth Very much WIP.
100% untested and WIP, won't even compile, but made repo public now: https://github.com/favorize-app/multi-auth Changes will be breaking
d
@Robert does it cover functionality of https://github.com/kalinjul/kotlin-multiplatform-oidc ? I'm not an expert in IAM/OAuth/OIDC, but recently I started to look into that. Looking at the README, it has a very intuitive API, something I would expect from all auth libraries.
r
Not yet, but it's just a day old. Trying to work through the compilation errors and then will start testing. Still have to implement it in my own project(s). Could try to add OIDC at some point. https://github.com/favorize-app/multi-auth/pull/2 https://github.com/favorize-app/multi-auth/pull/2/files#diff-ab11bb0b4993af50e33952a7262dbfe870746c7c3a151097cb575dffc8685234R194