by tghw 2149 days ago
An email/password login is not difficult in the least.

And, frankly, there is zero chance I'm going to host a site with a provider who thinks it is.

2 comments

Eh. It's not "hard", it's "harder".

Evaluating mail delivery services and integrating with one; going through all API handlers to check that they handle the extra "signed up but email still unconfirmed" status the right way; handlers for resending email confirmations; the password reset flow. A lot of papercuts.

Oh, and later on — having to debug email delivery issues, which always happen eventually.

This is why adding another third-party auth option is much easier than adding an email signup flow.

An alternative is the "modern" email flow where you just get a sign-in email every single time you want to log in, but that's meh. I'd rather have a proper "classic" email signup flow.

All this said, I admit that email signup is one of the basic features, and we're missing it. I want to have email signup too. I just don't think it's as easy (or even /almost/ as easy) as third-party auth, and the rest is a question of priorities.

Not that difficult, except that you need:

* sign up / sign in routes.

* reset password flow

* multifactor enrollment and validation

* email verification and email templates

* rate limits to prevent brute force attacks

There is a reason entire companies exist to solve this. Properly implementing your own login creates a lot of wasted development time, especially when OAuth2 is an industry standard.