| I would reject anything that isn't self-hosted out of hand because: (a) you never know if that kind of company is going to go out of business or get bought and get shut down or change for the worse and (b) your relationship with your customer is the most important thing. There is no problem moving a self-hosted auth system into the cloud as you can move it there the same way you move the rest of your application. Circa 2001 I built a "user management" library in PHP which was inspired by this https://philip.greenspun.com/doc/index that depended on an "auth module" that was maybe 50-100 lines of code in most programming languages so there were some screens for logging in, email verification, changing your passwords, etc. and also an administrative interface and system for sending both transactional emails and marketing blasts, it all worked pretty well for 350,000+ users. The rest of the application could be written in Perl, Java, ColdFusion, ASP, WiTango or any other system that supports cookies and mysql database access. The vision was that one could build a "portal" by modifying best-of-breed blog, forum, and other software to use my auth module. I used it for quite a few sites but never got any uptake on the open source project, I think people just didn't agree with the vision. I didn't see anything similar come along until 2013 a bunch of "me too" companies came out with user management systems that worked as a SaaS which struck me as absolutely insane because of what I said the in the first paragraph but these had a huge amount of uptake for reasons that baffle me completely. I guess some people don't find business interesting enough unless it has an element of Russian Roulette. |