[mooreds]

If I didn't want to use a third party auth provider (disclosure, I work for one, FusionAuth), I would use a battle tested open source library. Whatever is standard on your tech stack (devise for rails, spring auth for java, .NET core identity, etc).

This is complicated enough and standardized enough that I can't think of a good reason to roll your own, other than for exploration/learning.

Can I ask why you are interested in rolling your own? Is it to minimize dependencies?

[threatofrain]

Just for personal learning, I wanted to see how fast things could be if I kept everything within the same datacenter.

[mooreds]

Ah, okay.

Why wouldn't a self hosted auth server (keycloak, FusionAuth, etc) or a library integrated into your app (I mentioned some above for certain languages) work?