(no title)

While supporting a couple of the most common ones directly is worth it, building deeper integration with a specific auth as a service provider is thinking about the process backwards.

The business value for the authentication as a service companies is to make it easy to Integrate with them in order to benefit from the extra capabilities they offer, via standard mechanisms that make their service a drop in component of a larger stack.

Authentication Services are already commoditised, and they are complementary to your business, and you don’t even have to do extra work to commoditise this particular complement! Just don’t fall into the trap of thinking it’s worth doing more. Auth0 can give me SMS based magic links, while simultaneously tying those to an azure Active Directory primary user to determine if the owner of the mobile phone number is authorised to use a given application. I have all that power, all that and more via your tools and frameworks… anywhere that supports the OpenID Connect standards as a relying party. Don’t think “deeper”, just think about getting the standard part done, and leave deeper authentication stuff to the company that want authentication to be their entire business. It’s worth noting that OpenID Connect does enable using almost any other social provider a customer might want, since having a big swathe of social auth options is usually feature #1 for an authentication as a service product or service.

Also it looks like passport.js supports being an OpenID Connect relying party already thanks to a couple of libraries already on NPM. Looks like it was a good choice of JS library/framework for this job, (I don’t live in JavaScript so I stopped keeping up with all the libraries and frameworks years ago, so I have no idea how ubiquitous or obvious the choice of Passport.js is)