[mooreds]

My opinion, as someone who works for a company with both a free and paid auth software option: it depends.

If you only need minimal auth functionality and you have one app, go with a built-in library (devise for rails, etc etc).

If you need other features:

- MFA

- other OAuth grants for API authentication

- SSO like SAML and OIDC

or you have more than one application, then the effort you put into using a SaaS service or standing up an independent identity server (depending on your needs and budget) is a better solution.

Worth acknowledging that auth is pretty sticky, so whatever solution you pick is one that you'll be using for a while (assuming the SaaS is successful).

Auth0 as a choice is good for some scenarios (their free plan covers 7k MAUs which is a lot for a hobby project), but understand the limits and consider alternatives. Here is a page from my employer with alternatives to consider: https://fusionauth.io/guides/auth0-alternatives