Comment by roncesvalles

I've been (trying) to use Auth0 over the last few weeks, just as a PoC / "base" app scaffold.

My conclusion has been: for social and email login, you don't need things like Auth0. Just write it yourself.

You need: session management, account management (you'd already have this), and some simple social login pathways (PKCE etc). If you're an experienced engineer and take the time to do it properly, it's totally fine to "roll your own auth". Things like Auth0 and Firebase Auth are built for nobody and make life more difficult.

Any SaaS service that saves you like <40 hours of implementation work is not worth buying into. Just put in the hours and you're set for life. It'll probably take you that many hours to wrangle with integrating it anyway (and when things get serious, you'll need to figure it out down to the bone anyway; auth is not something you can just plop in like a blackbox and forget about it). And if in the process of rolling it yourself you realize "oh shit the service is actually lifting a lot for me", then the time you spent on learning that lesson was also worth it and made you a better engineer.

Basically, don't cargo-cult things just because everyone says you should. You should feel the "aha" for why you need to introduce a 3rd party thing.