- Auth0 cares about and gives back to the (open source) community, e.g. with the free plan
- Auth0 develops most of their software/libraries not as proprietary closed source but in the open, which improves trust and security
- Auth0's only and main focus is on their external customers and no one else (e.g. in contrast to AAD)
- Auth0 has the best documentation
- Auth0 is the easiest to use (clear separation of APIs and Applications/clients .. which competitors can only dream of)
- Auth0 is the most flexible solution on the market (especially regarding the "last mile")
- Auth0 fits the serverless mindset
- Auth0 has great customer support
- The pricing model must be easier to understand.
  E.g. I get asked ...
  - why is the price per external active user in "developer pro" ten times higher compared to "developer"?
  - why are m2m tokens not included in "developer"?

  Because what people told me they are doing in order to avoid the much higher "per user cost" of the "developer pro" plan is to use "users", assigned "permissions" and the "password grant" instead of "m2m apps" and the "client_credentials grant". I dislike this happening very much.
- Auth0 Management Portal's ...
  - usability on mobile devices. It's not really adapting to smaller screen sizes.
  - application and API search functionality is basically not usable. I'd wish that either the "user and application" search would work (having a lot of users and apps) and be extended also for APIs or (better) have dedicated search for apps and APIs in the respective overviews .. that would work as well and as fast as the API search that one only gets to use when authorizing a non-interactive app for an API (where you have the search field for the API).
- The user enumeration attack vulnerability when having a database connection's signup functionality enabled (also see support ticket: https://support.auth0.com/tickets/00440353)
- The missing functionality in the Management API regarding Auth0 tenants, e.g. to create, delete etc.
- The missing (tenant-agnostic) logs for operations/events regarding Auth0 tenants, e.g. logs for events like "TenantWasCreated" etc.
- The fact that you can authorize dashboard admins only for either individual apps or EVERYTHING (including the creation of new Auth0 tenants 😳). I'm missing at least some kind of privileges for a group of apps and APIs.