Gotta have a good exit plan. I originally used Mozilla's authentication system, which I can't remember the name of, but they got rid of it.

Mozilla Persona, for anyone curious: https://en.wikipedia.org/wiki/Mozilla_Persona

I LOVED that. Persona was a profoundly disappointing product cancellation.

Agreed.

We use auth0 at work and I've thought about it. With time given most users are SSO based, it's probably doable but annoyingly so over a month to move to another service. Not that we would want to.

Outsourcing auth is acceptable for saas customers. For consumer apps it's probably not a good idea, pricing models typically don't seem aligned in your favor for that.

The only thing that would be hard to migrate is if you store passwords in Auth0 - you would have to reset everyone's password no?

I once did a migration of an auth system by having the new system attempt an auth against the old system if there was no password hash saved in the new one. If it succeeded, it hashed the password and saved it. Seamless for users.

Obviously the old system isn't going to stick around forever, but you can get a good chunk of the passwords migrated this way.