DEV Community

Discussion on: Social Authentication or Not?

Ari Kalfus • Edited

As a penetration tester, some of the most common and most impactful ways to screw up your site are to make mistakes with authentication. Outsourcing that to 3rd parties - whether it's social logins like Google/Facebook with Auth0 or AWS Cognito or whatever - is a good move. It's just something that gets done wrong so often it's not worth it. Those social logins are typically not providing the 3rd party with any information besides that the user uses your site, so there's no privacy issue - probably. You should double check with each social login provider.

Regardless of the authentication mechanism you use, don't forget about authorization! Authentication from the social login tells you someone is who they say they are, but authorization determines if that person is allowed to access the resource they're requesting. Like someone else's profile data, or a restricted admin endpoint.

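As an added illustration of the authentication-versus-authorization point in the reply above (example code written for this page, not the commenter's code and not any provider's SDK): the same two endpoints, a "read a user's profile" call and an admin "list users" call, first with only an authentication check and then with the authorization check added. The ID-token verification is assumed to have already happened (the social-login provider's library does that), the issuer URL and the `APP_ROLES` table are constructed sample data, and the profile records are made up.

```python
"""Added example (not from the thread): the same two endpoints with and
without an authorization check, to show why "the user is logged in" is
not enough.

Assumptions: the social-login provider has already verified the ID token
and handed the app an Identity carrying the token's issuer and `sub`
claim; the application's own user store (APP_ROLES here) decides what
that subject may do. The provider vouches for who the caller is, not for
what they may do in your app.
"""
from dataclasses import dataclass


class Unauthenticated(Exception):
    """No verified identity on the request (HTTP 401)."""


class Forbidden(Exception):
    """Identity is verified but not allowed to do this (HTTP 403)."""


class NotFound(Exception):
    """Target resource does not exist (HTTP 404)."""


@dataclass(frozen=True)
class Identity:
    """What the social login actually proves: a stable subject id per issuer."""
    issuer: str   # provider issuer URL (assumption: token already verified)
    sub: str      # subject claim from the verified ID token


# Constructed sample data: the app's own user records and role assignments.
PROFILES = {
    "user-1": {"email": "alice@example.com", "card_last4": "1234"},
    "user-2": {"email": "bob@example.com", "card_last4": "5678"},
}
# Roles live in the app's store keyed by (issuer, sub). They are never taken
# from the social provider's token, which knows nothing about your app.
APP_ROLES = {
    ("https://accounts.example-idp.test", "user-1"): {"admin"},
}


def require_identity(identity):
    """Authentication check: was a verified identity attached to the request?"""
    if identity is None:
        raise Unauthenticated("no verified identity on request")
    return identity


def roles_for(identity):
    return APP_ROLES.get((identity.issuer, identity.sub), set())


# --- Vulnerable: authentication only -------------------------------------

def get_profile_vulnerable(identity, target_sub):
    """Any logged-in user can read any profile by guessing the id (IDOR)."""
    require_identity(identity)
    if target_sub not in PROFILES:
        raise NotFound(target_sub)
    return PROFILES[target_sub]


def list_users_vulnerable(identity):
    """An 'admin' endpoint that only checks that *someone* is logged in."""
    require_identity(identity)
    return sorted(PROFILES)


# --- Fixed: authentication, then authorization ---------------------------

def get_profile(identity, target_sub):
    """Object-level authorization: owner or app-assigned admin only.

    The permission check runs before the lookup so a forbidden caller
    cannot use a 403-vs-404 difference to enumerate which ids exist.
    """
    identity = require_identity(identity)
    if identity.sub != target_sub and "admin" not in roles_for(identity):
        raise Forbidden(f"{identity.sub} may not read {target_sub}")
    if target_sub not in PROFILES:
        raise NotFound(target_sub)
    return PROFILES[target_sub]


def list_users(identity):
    """Function-level authorization: requires the app-assigned admin role."""
    identity = require_identity(identity)
    if "admin" not in roles_for(identity):
        raise Forbidden(f"{identity.sub} is not an admin")
    return sorted(PROFILES)


def outcome(fn, *args):
    """Run an endpoint and report an HTTP-style status for comparison."""
    try:
        return ("200", fn(*args))
    except Unauthenticated:
        return ("401", None)
    except Forbidden:
        return ("403", None)
    except NotFound:
        return ("404", None)


if __name__ == "__main__":
    idp = "https://accounts.example-idp.test"
    bob = Identity(idp, "user-2")     # ordinary user
    alice = Identity(idp, "user-1")   # holds the app's admin role
    print("bob reads alice, vulnerable:", outcome(get_profile_vulnerable, bob, "user-1"))
    print("bob reads alice, fixed:     ", outcome(get_profile, bob, "user-1"))
    print("bob lists users, fixed:     ", outcome(list_users, bob))
    print("alice lists users, fixed:   ", outcome(list_users, alice))
```

Two design points worth noticing: the role lookup is keyed by issuer as well as subject, because a `sub` value is only unique within one provider, and the ownership check in `get_profile` runs before the record lookup so that a caller who is not allowed to see the record also cannot learn whether it exists.
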
ColeDrain

Thank you for your response, really helpful.