In a lot of programming tutorials for setting up user authentication I’ve seen everyone say Auth0 makes everything super easy and for the large part I agree it makes things easier but at a cost, and the tutorials instruct you on using Auth0 rather than making your own system. Here are some concerns of mine, change my view on using Auth0 as opposed to my login/registration system.
- You are trusting a 3rd party. What stops a rouge employee or a hired corporate espionage agent from going in and abusing internal tools to hijack your website’s admin panel. How could you prevent such an attack? I suppose some extra form of home made 2nd factor of authentication could prevent this, what risks exist, how can they be mitigated.
- Will Auth0 last forever? One day could they run out of money and cease to exist? How long would it take to recover.
With those concerns being said change my view on why I should use Auth0 like everyone says over making my own login and registration system.