Authentication in 2021

Devise seems to be very popular among the Rails communities and I was wondering why Auth0, Okta, Cognito (AWS) or Firebase, etc. were not that much used to authenticate and manage users in Rails app.

They offer pretty decent free tiers (so developing costs should remain close to 0) and solve a lot of security and compliance issues that we face as developers.

What are your thought and what are your best practices when it comes to user authentication and management?

I think it's mostly because leaving your user accounts in the hands of a third-party adds a lot of complexity and they'd rather have full control in-app.

Those options can be good options if you need enterprise integrations or you're building static apps though where you don't have a backend that can do it.

At the same time, owning this data presents risks and add Ops to the project.