Should you build your own auth?

Auth seems simple until you need SSO, MFA, passwordless, and enterprise features. Here's when to roll your own.

🔑 The landscape changed

Open source auth has gotten really good. Supabase Auth, Lucia, and NextAuth give you 80% of what you need for free. The build-vs-buy decision here is more nuanced than in other categories.

The spectrum of auth needs

Authentication exists on a spectrum. Where you fall determines your answer:

Level 1: Basic login. Email/password, maybe Google OAuth. Any framework's built-in auth or Supabase handles this fine.

Level 2: Consumer app. Social logins, passwordless, phone auth. Still doable with open source, but getting complex.

Level 3: B2B SaaS. SSO, SAML, SCIM provisioning, organization management. This is where you should probably buy.

Level 4: Enterprise. Custom SSO integrations, compliance requirements, audit logs. Definitely buy.

Build / vibe when...

  • Basic email + OAuth only
  • Consumer app, no enterprise
  • Using a framework with good auth
  • Under 10K users
  • Cost-sensitive early stage

Buy when...

  • Enterprise customers need SSO
  • SAML/SCIM required
  • MFA is mandatory
  • You sell to regulated industries
  • Auth can't be a distraction

The open source middle ground

Before spending $25K/year on Auth0, consider the open source options named above (Supabase Auth, Lucia, NextAuth).

These handle Level 1–2 needs excellently. Level 3+ is where Clerk, Auth0, or WorkOS earn their money.

When vibe coding auth makes sense

Hot take: basic auth is a reasonable vibe coding project in 2026. The libraries are mature, the patterns are well-documented, and Claude/Cursor can scaffold it correctly.

What you can vibe: email/password login, OAuth integration, JWT sessions, basic password reset.

What you can't vibe: SSO/SAML integration (the spec is a nightmare), MFA (security-critical), rate limiting and brute-force protection (easy to get subtly wrong).

Real cost comparison

For a B2B SaaS with 5,000 monthly active users over 3 years:

| | Build (OSS) | Auth0 | Clerk |
|---|---|---|---|
| Initial cost | $10K – $30K | $0 | $0 |
| Annual cost | $5K – $15K (maintenance) | $10K – $28K | $3K – $12K |
| Enterprise SSO | $30K+ to add | Included (higher tier) | Included (higher tier) |
| 3-year total | $25K – $75K | $30K – $84K | $9K – $36K |

What people underestimate

SSO is a sales requirement. Enterprise deals often require SAML SSO. Telling a $100K/year customer "we don't have SSO" loses the deal.

Security incidents are expensive. A breached auth system destroys trust. Managed providers have security teams; you probably don't.

The long tail is annoying. Password reset edge cases, session management across devices, account recovery — boring but necessary work.

MFA is table stakes. Regulators and enterprise customers increasingly require it. Building MFA correctly is hard.

Compare tools

Auth0

Market leader. Feature-complete, pricey at scale.

Clerk

Developer-focused. Great DX, modern pricing.

WorkOS

Enterprise SSO specialist. The pick if you just need SAML.

Our take

Start with open source. Buy when enterprise customers arrive.

Use Supabase Auth or NextAuth for your MVP — they're free and good enough. When you land your first enterprise customer asking for SSO, that's the signal to buy. Clerk is the sweet spot for most B2B SaaS: affordable, great DX, includes SSO. Auth0 if you need maximum features and have budget.