Zapply Auth Journey

From Auth0 to Stytch

We started out trying Auth0, and quickly found it to be a complex, buggy pain in the ass. Its UI felt cluttered, and managing flows turned into more overhead than we wanted. Frustrated, we looked for a simpler, cleaner solution.

Enter Stytch—and it was such a breath of fresh air. Stytch is so fucking awesome: straightforward API, user-friendly Dashboard, and a rock-solid Java SDK that integrates smoothly into our JavaFX app. We opted for OTP (One-Time Passcode) login, skipping passwords entirely. Our JavaFX client handles session management (including refreshing tokens), while our Spring Boot backend proxies calls to Stytch:

  • /auth/send-otp lets the user enter an email, and Stytch sends them a code
  • /auth/verify-otp validates the user’s code
  • /auth/refresh-session extends the session behind the scenes

The user just types in their email and the OTP code—no messing around with password resets or storing credentials. It’s quick and pain-free.

On the backend, we use Spring Security’s resource server mode and point it to Stytch’s JWKS. That way, our service knows exactly who’s making each request, verifying tokens seamlessly. It all comes together in a minimalistic, frictionless login experience that doesn’t overcomplicate our app’s core features.
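A sketch of the resource-server setup described above, written as an added example and not Zapply's actual code. The class name and the `stytch.jwks-uri`, `stytch.issuer` and `stytch.project-id` property names are hypothetical, and it assumes the three `/auth` proxy endpoints are reachable without a JWT and that the token's audience carries the Stytch project ID.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig { // hypothetical class name
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // Desktop client sends bearer tokens, no cookies: no CSRF token, no server session.
        http.csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(a -> a
                // Assumption: Stytch itself checks the code/session on these proxy routes.
                .requestMatchers("/auth/send-otp", "/auth/verify-otp", "/auth/refresh-session").permitAll()
                .anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // Property names are hypothetical; values come from the Stytch project settings.
    @Bean
    JwtDecoder jwtDecoder(@Value("${stytch.jwks-uri}") String jwksUri,
                          @Value("${stytch.issuer}") String issuer,
                          @Value("${stytch.project-id}") String projectId) {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwksUri).build();
        // Reject tokens minted for another project even if the signature is valid.
        OAuth2TokenValidator<Jwt> audience = jwt ->
            jwt.getAudience() != null && jwt.getAudience().contains(projectId)
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(
                    new OAuth2Error("invalid_token", "unexpected audience", null));
        // Default validators cover expiry and not-before; the issuer check is added on top.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(issuer), audience));
        return decoder;
    }
}
```

Pinning issuer and audience matters because a JWKS-only check accepts any token signed by a key in that set, regardless of which project it was issued for.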

In short, Stytch gave us the modern, passwordless workflow we wanted—simple setup, easy ongoing management, and zero headaches. We wouldn’t go back.