[mooreds]

Disclosure. I work for an auth vendor, FusionAuth.

> A bit like e-mail: e-mail is usually a crucial part of the business too, but nearly no one manages their own e-mail service nowadays.

I liken it to a database. Most people use databases in their apps. Some people use a fully managed proprietary solution (graph db, dynamodb), others use a managed solution that conforms to a given standard (managed mysql/postgresql). Some people run databases themselves. But very few people would build a database from scratch.

Auth is much the same. You have a spectrum of needs, based on how much control you need. SaaS solutions get you functionality faster and with less maintenance while giving you less flexibility. Self-hosted solutions let you leverage the efforts of the OSS community or vendor while still maintaining operational control as well as data sovereignty.

Only a very few folks should write their own auth, it's a solved problem with lots of good solutions out there.