by claystraw 1667 days ago
With great power comes great responsibility :) Having the flexibility to build persistence yourself is great, but it comes at the cost and responsibility of continuously maintaining it! We have run into so, so many edge cases. Here are some examples:

1. What do you do when a user with email "foo@example.org" has already signed up, and now is trying to sign up using Google with "foo@example.org"?

2. How do you ensure that a user can update sensitive information (e.g. their recovery email address, or linking additional "Sign in with" providers) while keeping a balance between security and user experience?

3. What if you now want to add biometric auth for native mobile apps, or 2FA?

The complexity in building your own is not starting with the first 10%. As your app and business grow, teams are faced with ever-increasing requirements. Leaning on an established open source provider built by experts in the area just saves you so much time, headaches, and potential security oversights!

> What DB does Ory use? Should we set up our own?

We support all prominent SQL systems - so PostgreSQL, MySQL, CockroachDB, SQLite, ... - and of course all cloud SQL vendors. You can also choose to run Ory in Ory Cloud, then we take care of all of this for you!

> Also, authentication and authorization are core for an app. If we do authentication here, how does authorization work? Can I bring my own authorization like oso etc.

Absolutely! We have a project for this also: https://github.com/ory/keto

Hope this clarifies your questions!

1 comment

yes. thanks.