Middle ground: we avoid writing the authentication piece, instead federating with our customers IDPs (typically AzureAD, Office365, Google - nobody has asked for Github or Social media yet..) for identity assertions, which we authorize locally in a gateway so we can enforce our licensed features. Major wins: no more password reset calls to our helpdesk (250+ per day before this), user access control remains with the customer so their starters/leavers processes work smoothly, no more complex user management stacks in every product (50% of the codebase I reckon across the business!)
As we support a number of diverse products with this SSO solution the gateway also provides a nice isolation point between customer IDP weirdness and internal services, avoiding every product having to support every weird IDP.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.