Services like these are super beneficial, but maybe only should be used to kickstart an application or business. Ideally I think the company should work toward finding an in-house solution. What do you think? π
For MVPs and home projects I would suggest to use a 3rd party identity manager such as Auth0 or Firebase Authentication. These manage social providers, pw reset, email notifications etc.
For larger projects it could be a risk.
10Q
By Identity Management do you mean the parts of an application that manages registrations, membership, logins and possibly access control?
I've always created my own, but have been told that these days I should be using an Identity provider. The reason being that I shouldn't re-invent the wheel and membership/registration has become more complicated with external logins from Facebook/Google/LinkedIn/etc and 2-factor Authentication. Presumably a provider would also be able to faster update security issues and new log-in features. I haven't seen a provider that does this yet, but recently I've been seeing more sites use a "magic link" type of log in where the user doesn't even enter a password.
I'm interested in what everyone says. Should I still be making my own in-house solution?