I'm curious what authentication providers people are using/recommending for SaaS builders these days? In particular, people working on side projects / etc where the budget is effectively "zero".
I've got what I think is a reasonable list of requirements - nothing too major, mostly just what I'd consider the bare minimum these days - but I'm struggling to find any providers that meet them all:
So far, the only provider I've looked at that meets all of this (rather basic) list is Cognito. And their MFA implementation is broken. (No support for recovery codes, and if you lose your authenticator app then you're screwed)
Many of the providers seem to gate some of this - typically MFA - behind paid plans, but that realistically means you can't even start to implement it until you've got enough of a user base to be on the paid plan, and - in this modern security landscape - that's too late.
I'm trying to resist just building my own because it's a huge amount of work to do it correctly, and it's the kind of thing that you can't afford to do wrong.
Cheers