[adamqureshi]

ok i am a 1 man shop and outsource Auth to Auth0 but i am paying $25/month to them without offending you how can i justify paying $99/month for this ( I am building another app ) and doing it in webflow as MVP and want todo Auth with a stupid simple JS integration to at least test the MVP. But i like your dead ass simplicity.

[westoque]

I am mostly a one man shop myself but I would encourage everybody to self host their authentication. With so many open source libraries, there’s no good reason why you should use an external provider. In most cases, if the app is relatively successful you will very likely add functionality to your app, and this means you need control of your data and everything else that comes with it.

In the bigger scheme of things, I envision a world where adding auth to your app (or any functionality) is as simple as adding a docker service.

[mhamann]

Thanks for bringing up this point! I think there are definitely times where self-hosting authentication might make sense, but I'll respectfully disagree that most people should do this.

Every component that gets added to your infrastructure is just "another thing" that you have to worry about in terms of uptime, monitoring, security, staying current, and so on. Personally, I'd rather not worry about any of that for something that isn't part of my core competency. Certainly there is a cost/benefit analysis to be made, mostly for larger companies.

I know we won't likely agree on this point, and that's ok! I just wanted to share an alternative perspective. :-)

[Kiro]

That's exactly what I don't want. I don't trust the security of my app to store user credentials.

Another reason: my app has no reason to send emails except for one thing: password resets. I don't want to set up a whole email flow just for that. By using a provider I can offload that at the same time.

[davewasthere]

Firebase, Cognito, Azure B2C?

Yeah, for the same reason I don't want to store credit card details, I don't want to store user credentials.

[littlecranky67]

+1 on those services. I went with AWS Cognito, which gives you permanently 50.000 MAU for free. A big issue with self-hosting is also Email delivery; you'd have to go to some provider to send verification Emails to have a decent inboxing rate.

Only downside is the pretty ugly default login UI of cognito, but you can style it to some extend by adding a logo and custom css.

[rgthelen]

Out sourcing credentials is critical. I'd go a step further, most apps/websites should out-source all of their personal data. Liability around personal data breaches is only increasing.

[rgthelen]

This is a great point.

We (at Rownd) are looking into self-hosted, open-source options as well. What are a few features that are MUST haves?

There are some that are more complex (like SMS auth, email auth, etc). We want to 100% get away from passwords, so passwordless is critical since most passwords are security issues.

[rgthelen]

Hey Adam!

That is a great question. We are new and want to find those folks that are willing to pay 2-10 times more than the competitors. Most all of our competitors are free for 2-12 months hoping to lock you in. It is very counter-intuitive, but our first 20 paying customers have such a real pain point that are not being met, then even knowing that there are cheaper alternatives, they turn to us.

We do offer 50% off of that rate for hacker news ($49 a month). We will decrease our price over time as we really understand more about our customers, their problems, and make onboarding super simple.

Having said all of that, reach out at robert (a-t..) rownd.io and if you are willing to give us feedback I'll find a price to make it work.