What alternatives to Auth0 are worth looking into? Between this P0 (with no ability to check the status or file a ticket) and the Okta acquisition, I hesitate to continue using Auth0 as the default when spinning up new web apps.
What's the point of such services? Every web framework worth its salt supports all common authentication schemes and offers an easy interface to write your own.
Keycloak is pretty battle-tested and rock solid although it is a bit of a behemoth operationally.
Outside of that they Ory ecosystem is really nice. We user Hydra, which is not a drop-in Oauth2 server but requires you to write several of the components yourself.
"Keycloak is pretty battle-tested and rock solid although it is a bit of a behemoth operationally."
Just looked. Java, Wildfly, Infinispan, Hibernate + A DB, network multicast if you want a cluster, your own separate load balancer, etc. So, a fairly large time investment if you aren't familiar with all of that.
Yeah, it's not the easiest thing in the world to get up and running but not quite as hard as it might seem at first look. If you are already using k8s then you can use https://github.com/codecentric/helm-charts/tree/master/chart... to deploy Keycloak fairly easily. If you're not using k8s then it is probably more of an undertaking.
Every year or so I check back in to see if Cognito has gotten any better. I hasn't. I'd love to use it, but some very basic things are just not done correctly. Yan Cui has a nice writeup on Cognito [0] that touches on some of its shortcomings.
My blood pressure is still coming back down from AWS having an all-day outage during a holiday week last year, because Kinesis had an issue and it turns out their entire infrastructure depends on that.
