Auth is a pretty classic case where it’s not hard to make your own account create/login form but it’s really hard to make a good one that does all the “right things”.

I'd say it's relatively easy to make one that does the right but also the wrong things. By wrong things I mean things that make it complicated enough to turn insecure.

The advantage of third-party tools is that it's hard to get new features in there, so they retain their simplicity. You don't get some rando C-Level or IT guy demanding new auth features to make it messy.

Authentication and authorization are important requirements for internal tools. Low-code platforms support authn/authz for app access. Building internal tools with code is much easier now with GenAI, but ensuring proper RBAC access controls remains a challenge.

I have been building https://github.com/openrundev/openrun to try and solve internal tooling deployment challenges. OpenRun provides a declarative deployment platform which supports RBAC access controls and auditing. OpenRun integrates with OIDC and SAML, giving your code based apps authn/authz features like low-code platforms.

This is a good example, but the build vs buy decision in this case also includes viable open source options, which become even more attractive when LLMs reduce the implementation + maintenance barriers.