alt Hacker NewsIn most B2B cases you really don’t want to self host authentication. Really.
There are plenty of identity providers out there who will worry about hashing passwords, resetting them, 2FA, etc. Most client businesses already have identities via one of those for all their employees (read: users of your APIs or apps).
Unfortunately nearly all of the open source solutions out there do exactly what you said, they start with (required) self-hosting authentication. Not helpful.
What’s more relevant to businesses is authorization using existing IdPs (shameless plug: https://github.com/DMGT-TECH/the-usher-server)
I believe it’s important to offer people a choice.
Some prefer self-hosting, while others opt for SaaS—it really depends on their specific needs. If you require data residency and complete control, self-hosting is the way to go. On the other hand, if you want a hands-off operational experience, SaaS makes more sense.