What do you think about external core dependencies? For example, people are starting to use Okta/Auth0 for the authentication core of their apps.

Obviously, this puts them at the mercy of the okta if anything goes wrong with IdM. But then again, people are very bad at doing auth.