Honestly, I'd rather not self-host anything. Many people, such as Amazon and Auth0 provide services to handle authentication for you, so you're just given a jwt token or session information. I want to pay pennies per user to have it done right(tm)

I didn’t realize it until looking at it just a moment ago, but Auth0 is an Okta subsidiary. They don’t have a stellar record by themselves [0]. I guess that leaves Amazon? That’s not super encouraging.

[0] https://www.bleepingcomputer.com/news/security/auth0-warns-t...

Amazon Cognito is an attractive option for authentication since it has a good free tier and is relatively inexpensive even outside of the free tier.

The downside I ran into is that it doesn't support SAML SSO. It is only OAuth, OpenID Connect, and JWT.

As an auth backend to an app, perhaps, but the web login forms for Cognito had terrible UX (when we were using it). So terrible that we had daily customer-reported support tickets that we had no ability to fix (short of writing our own full UI).

Also, sharding user records into Cognito pools was a bit frustrating. Hopefully AWS has invested in fixing these issues.

Firebase and Supabase might also be good options for authentication. Cheaper with generous free Tier.

> I want to pay pennies per user to have it done right(tm)

Okta's whole value prop was that they do it "right"... Oops.