I have been exploring authentication options for production applications, and while services like Okta, Auth0, and Firebase are popular, I don't like them for a variety of reasons. I am considering building my own authentication API with basic features like:
Login with email/password
Forgot password
Update password
I will use bcrypt for password hashing and JWT for session management.
However, I have read warnings about creating my own authentication being risky or a waste of time even when using industry tools like JWT and bcrypt.
Is it really unsafe to customize for production use if I am careful and follow best practices?