What is most valuable?
I implemented the authentication workflow entirely on the client side (S.P.A./Single Page Application). This gives the client app a JWT and makes the infrastructure a lot easier to manage in a distributed way since I don't need to track user sessions on the servers anymore. Now, I simply use the JWT from the client on the server side to process requests and push updated profile data to a database/queue as needed and end the process without having to persist data in the web server (sessions).
How has it helped my organization?
We are now able to dockerize stateless containers quite easily. A typical solution for managing session data is to put it into a database, but now we don't need to do that either. Auth0 essentially acts as the database backend. However, unlike regular session management through a database, whereby one needs to touch the database every time to re-hydrate session data for every request, I only make requests to Auth0 to query for profile data when needed, thus making the application more efficient.
What needs improvement?
The documentation and getting started guide are excellent for JWT and client-side authentication. However, I think they can do a better job in explaining what you're supposed to do next in order to correctly follow an idiomatic approach to using the solution beyond simply passing a JWT token to a server and having the server check the signature to validate the token.
For how long have I used the solution?
I've just started using it.
What was my experience with deployment of the solution?
Which solution did I use previously and why did I switch?
We used regular OAuth in conjunction with our own database for people without social accounts. This is much better because everything is wrapped and normalized through one service. It even supports non-OAuth solutions such as Active Directory and LDAP, which is good.
How was the initial setup?
It was extremely simple and their site even generates sample code in various languages.