[joseonjok]

I'm puzzled as to why this area is constantly seeing reinventing the wheels? I can name a few very mature (20 years in teh making) open source projects that pretty much lets you self host everything you might possibly need to handle all sorts of authentication schemes

It seems like if its not written in Javascript people have aversion to it and this "keep everything typescript" really makes no sense to me especially when you deal with the missio n critical nature of backends.

[pakl]

In most B2B cases you really don’t want to self host authentication. Really.

There are plenty of identity providers out there who will worry about hashing passwords, resetting them, 2FA, etc. Most client businesses already have identities via one of those for all their employees (read: users of your APIs or apps).

Unfortunately nearly all of the open source solutions out there do exactly what you said, they start with (required) self-hosting authentication. Not helpful.

What’s more relevant to businesses is authorization using existing IdPs (shameless plug: https://github.com/DMGT-TECH/the-usher-server)

[ffo]

I believe it’s important to offer people a choice.

Some prefer self-hosting, while others opt for SaaS—it really depends on their specific needs. If you require data residency and complete control, self-hosting is the way to go. On the other hand, if you want a hands-off operational experience, SaaS makes more sense.