> I don't feel like it's worth giving up control over your user's authentication to an intermediary in return for saving a week of work.
The market is tested, though. Auth0 is a notable player in this space and they seem to be making money.
Like you, I've been pretty unhappy with this class of product. Auth0 provides just enough to be dangerous; upload JavaScript with no way to unit test it to gate auth (that broke!), support for multiple social providers but no built-in way to unify accounts (do that yourself), etc. They also have an insanely low limit for OAuth client applications; so low that we had to buy an enterprise contract to scale out to production.
(BTW, the way I tested auth hooks after an outage caused by a faulty one was to implement their API in Go, embed a JavaScript interpreter in our Go tests, and then execute the hooks against an in-memory version of our API server. That eliminated any server-caused auth hook breakages. But I have to ask, why am I paying them when I have to do all the work?)
Auth0 can be prohibitively expensive if you have low revenue per user.
We are working on providing an OSS Docker image that would mock Hellō so that you could get full coverage in automated testing of registration and login. Would you find that useful?
A competitor could be good here.
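
The hook-testing approach described in the thread (run the uploaded hook against an in-memory API before it gates real logins) can be sketched as follows; this is an added example, not code from any commenter or from Auth0, and it runs the hook directly in JavaScript rather than through an interpreter embedded in Go. The `(user, context, callback)` hook shape, `fakeApi`, `runHook` and all fixtures are assumptions constructed for illustration.

```javascript
// Constructed sample hooks, held as the source text that would be uploaded.
const goodHook = `function (user, context, callback) {
  if (!user.email_verified) return callback(new Error('email not verified'));
  context.claims = { role: api.roleFor(user.email) };
  callback(null, user, context);
}`;
// Faulty hook: dereferences app_metadata, which is absent for brand-new users.
const faultyHook = `function (user, context, callback) {
  context.claims = { role: user.app_metadata.role };
  callback(null, user, context);
}`;

// In-memory stand-in for the application's API server (hypothetical).
const fakeApi = {
  roleFor: (email) => (email.endsWith('@example.com') ? 'staff' : 'customer'),
};

// Compile the hook source, run it once, and classify the outcome instead of throwing.
function runHook(source, user) {
  let hook;
  try {
    hook = new Function('api', `"use strict"; return (${source});`)(fakeApi);
  } catch (e) {
    return { outcome: 'compile-error', detail: e.message };
  }
  let calls = 0;
  let result = { outcome: 'no-callback' }; // hook returned without deciding
  const callback = (err, _user, ctx) => {
    calls += 1;
    if (calls > 1) { result = { outcome: 'double-callback' }; return; }
    result = err ? { outcome: 'denied', detail: err.message }
                 : { outcome: 'allowed', claims: ctx.claims };
  };
  try {
    hook(JSON.parse(JSON.stringify(user)), {}, callback); // copy keeps fixtures clean
  } catch (e) {
    return { outcome: 'crashed', detail: e.message }; // in production: a login outage
  }
  return result;
}

// Constructed user fixtures covering the states a login can arrive in.
const users = {
  verified: { email: 'a@example.com', email_verified: true, app_metadata: { role: 'staff' } },
  unverified: { email: 'b@other.test', email_verified: false, app_metadata: {} },
  brandNew: { email: 'c@other.test', email_verified: true }, // no app_metadata yet
};
```

`new Function` is not a sandbox, so this harness is only for hooks your own team wrote and is about to deploy.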