
jtms yesterday at 3:25 AM, 6 replies

"Better Auth’s pitch is simple: Let developers implement everything from simple authentication flows to enterprise-grade systems directly on their databases and embed it all on the back end."

It's absolutely bonkers to me that web development has gotten to a point where this is a novel pitch. Up until not that long ago ALL auth was done directly in your own database and embedded in your own backend. Am I missing something?


Replies

figassis yesterday at 6:25 AM

This is a market created by the supabases and its no-code cousins. I frankly always considered auth so simple and fundamental, with best practices so well known that I never saw the need to use a SaaS for user auth. I guess if you want to offer all the auth methods, this library is useful and saves a lot of time.

hliyan yesterday at 10:05 AM

I think it all started when libraries began to be replaced with "services" (I mean this in the broader context, not just auth). Integrations that were once development time or compile time are now runtime. Two somewhat perverse incentives: developers get to offload some of their thinking (and also maintenance, reliability and scaling worries) to a service, and the service provider gets a perpetual income stream.

the__alchemist yesterday at 1:32 PM

I'm curious about this too. How does this, for example, compare to Django's built-in auth?

dikei yesterday at 5:52 AM

Yeah, and all the popular web frameworks include authn and authz as a core component.

smt88 yesterday at 5:40 AM

Yes. You're missing decades of the arms race between hackers and developers that has resulted in a degree of complexity that is too high for someone who isn't specifically trained in infosec.

Web devs use abstractions for lots of things. There's no reason auth should be a hill to die on.

rafram yesterday at 3:49 AM

Yeah and it was terrible. Your password would be stored as an unsalted MD5 hash if you were lucky.

Enterprise customers did the math on what a security breach lawsuit could cost and started demanding verifiably decent security, which meant some off-the-shelf off-premises solution.

That’s basically where we are now, and it’s the reason that most of Better Auth’s users are early-stage startups — they need to scale quickly, and they don’t have many pesky enterprise/governmental customers who might want to see a certification.
