What are your main reasons for recommending Cognito? That it is free and easy to get going with?
Have you customized the user login experience?
I only ask because I've heard folks talk about how Cognito does the basics right (which is great, no one should roll their own auth) and is quick to get started with, and is serverless and free (unless you want SAML connections).
But once you get past the basics, it turns into a ton of hassle. And there's been little progress in feature set/docs/etc (though last year they did do a UI refresh).
They also don't let you export your password hashes, so when you transition to a self-hosted solution, you must force your users to reset their passwords (or perform a drip migration). I wrote about these options here: https://fusionauth.io/blog/2022/02/07/how-to-migrate-from-co...
Disclosure, I work for a Cognito competitor, FusionAuth.
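A minimal sketch of the drip (lazy) migration the comment above mentions, added here as an example and not code from FusionAuth or the linked post. `LegacyProvider` is a constructed stand-in for a provider that will answer "are these credentials valid?" but never exports hashes, and PBKDF2-HMAC-SHA256 is an assumed choice of KDF for the new self-hosted store.

```python
import hashlib
import hmac
import os


class LegacyProvider:
    """Constructed stand-in for the old hosted provider: it can verify a
    username/password pair, but its stored hashes cannot be exported."""

    def __init__(self, users):
        self._users = users  # constructed test data: username -> password
        self.calls = 0       # how often the legacy system was consulted

    def authenticate(self, username, password):
        self.calls += 1
        pw = self._users.get(username)
        return pw is not None and hmac.compare_digest(pw.encode(), password.encode())


class NewUserStore:
    """New self-hosted credential store (assumed KDF: PBKDF2-HMAC-SHA256)."""

    ITERATIONS = 600_000  # tune to your password policy and hardware

    def __init__(self):
        self._users = {}  # username -> (salt, hash)

    def has(self, username):
        return username in self._users

    def create(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._kdf(password, salt))

    def verify(self, username, password):
        rec = self._users.get(username)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, self._kdf(password, salt))

    @classmethod
    def _kdf(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)


def login(username, password, legacy, store):
    """Drip migration: users already in the new store are checked there only.
    Unknown users are checked against the legacy provider; on success the
    plaintext password, available only during this login, is hashed into the
    new store so later logins never touch the legacy system again."""
    if store.has(username):
        return store.verify(username, password)
    if legacy.authenticate(username, password):
        store.create(username, password)
        return True
    return False


def still_needs_reset(legacy_usernames, store):
    """Users who never logged in during the migration window; they must get a
    password reset when the legacy provider is switched off."""
    return sorted(u for u in legacy_usernames if not store.has(u))
```

The migration window ends when the legacy provider is decommissioned; everyone `still_needs_reset` reports at that point is exactly the population that has to be forced through a reset.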
Yes, I mostly recommend it because it is free and I've used it before, plus I've been on several projects where we used Keycloak. For me, Cognito's 50,000 monthly active users is probably all I will ever need, and as you said, it's quick to get started. Keycloak is the other way around: you will have to invest beforehand in learning and running it. Also, if you allow self-signup by your users, email inboxing is a serious issue. So even if you run Keycloak yourself, you must think about how you are going to deliver emails, which will bring you to other SaaS services like MailChimp or AWS SES anyway.
I can't speak about FusionAuth or Auth0, but yes, other SaaS might be as good as Cognito as well - but I do not know their free tiers.
Disclaimer: I am not working for any of those, just a small side-gig SaaS builder/WebDev speaking of my experience.
Thanks for sharing your rationale, makes a ton of sense. Cognito's free tier is great and frankly, takes auth off of many folks' plate. Which is a good thing.
I've heard similar things about Azure AD B2C. Strangely, Google has a comparable offering (https://cloud.google.com/identity-platform) but I've never talked with anyone using it.
As someone who works with Azure B2C on a day-to-day basis, I wouldn't recommend it to my worst enemy. It's a shitshow. It's impossible to maintain, heavily obfuscated by policies being XML instead of code, with weird naming everywhere. Very, very limited in what it can do and how (try making somewhat of a 'switch' statement). It usually ends up being a Frankenstein of copy-pasted sample policies from their GitHub that barely work. Debugging is a nightmare; logging to App Insights in production shouldn't be used (it requires 'Development mode'), and even if it could, the logs it produces are terrible and usually say nothing, with most errors being 'Internal Server Error' and nothing else. The UI is also very 90s-like, and fully customizing it requires a ton of jQuery and magic strings hardcoded everywhere. To customize emails in any way you still have to pay for SendGrid anyway. I genuinely hate the experience.
I just checked the prices of FusionAuth, and clearly your company is not interested in smaller side-gig-like customers or self-funded startups that need to grow. Basic, production cloud options (non-eval) start at $162/mo for 10,000 MAUs. Once I move the slider to over 10,000 MAUs the basic option is gone, and the cheapest option suddenly jumps to $1062/mo.
For smaller companies, we recommend business cloud with community edition, which starts at $225/month. The basic hosted version doesn't have backups and so isn't suitable for prod use. I get that this is a lot for a side project (I wouldn't use it for one). Or a self-funded startup--I remember one startup where the entire application was running on about $75/month in hosting spend on Heroku. No way would I have paid $225/month for auth.
We have a slightly complicated pricing model (with both hosting and licensed editions, creating a matrix that is not typical), but I truly appreciate your feedback and will share it internally.
> For your use case, I'd probably recommend self hosting community edition. FusionAuth price: $0.
But self-hosting has the same issue as Keycloak: Email inboxing. You do not want your signup verification emails to land in spam folders. So you end up paying for an email mailboxing provider, at which point I'd rather go with a hosted auth solution that takes care of that.
* https://twitter.com/zackkanter/status/1488297503455956992
* https://fusionauth.io/blog/2020/11/18/reconinfosec-fusionaut...