Good riddance to Auth0 and social logins
a day ago
- #startup-lessons
- #authentication
- #phoenix-framework
- The author switched from Auth0 and social logins to Magic Links in Phoenix, finding it simpler and more efficient.
- 85% of customers preferred regular email/password logins, making social logins unnecessary and confusing.
- Managing multiple social login options (Facebook, Google, GitHub) introduced complexity and customer support issues.
- Phoenix 1.8 and tools like Claude made implementing Magic Links straightforward; the switch took only a weekend to deploy.
- Outsourcing authentication to email providers (like Gmail) leveraged their security measures, including MFA.
- Auth0's cost unpredictability and potential fee increases were concerns, especially for a startup.
- Managing permissions separately in Auth0 was overly complex compared to implementing RBAC directly in the application.
- Elixir's LetMe library simplified resource-based authorization, making it easier to query and manage permissions.
- Auth0's Universal Login offered limited customization, frustrating users with redirects and branding constraints.
- The author disliked promoting Meta and Google, preferring to minimize user reliance on these platforms.
- Proper system admin and encryption practices were deemed sufficient for securing customer data without external identity providers.
- The transition highlighted the joy of development with Elixir/Phoenix, though Auth0 was initially helpful for quick setup.