It’s just a few fields until it’s not.
SSO, SAML, SCIM, OIDC, OAuth, 2FA, passwordless auth, verification tokens, etc., etc. And variations of each for wildly popular systems you’ll be expected to integrate with but that don’t support the exact spec.
For a while at my company, half our support engineers' time went to handling random SSO issues that came up in our home built auth system.
"home built auth system" is bound to have "random SSO issues". You fix them, that's how things mature.
> For a while at my company, half our support engineers' time went to handling random SSO issues that came up in our home built auth system.
fwiw, we also have an entire staff dealing with SSO issues among our employees and users, despite relying on external services to handle auth.
A problem domain as complex as authentication is bound to have issues of some sort. But I am not sure if I would be so fond of "outsourcing" something as integral to my services as the access to these services.
Is this perhaps a reason to have a Users table that is separate from the table of data on how you authenticate that user?
That’s when you install Keycloak.
Just use Ory Kratos and self host it.
Is it just me who just uses magic links delivered via email or Telegram as backup?
Majority of apps are B2C apps, they don't need any of this.
All you need is Apple and Google OAuth.
I don’t know when we became this lazy. Auth is hard, sure, but putting your users table and sessions behind a vendor API is not something cool. Tell me one feature that is not supported by libraries like OpenIddict (you can build around) or Keycloak?