POC: Migrate authentication from Auth0 to Azure AD B2C #528
AndrewCraswell wants to merge 1 commit into main from
This code was finalized and tested, but I'm holding off on merging it. The restrictions around custom claims are a big blocker for AAD B2C. While it's true that custom claims can be configured, they must follow restrictive guidelines. As such, the claims for authenticating with Hasura for GraphQL authorization would not be compatible. A better option is probably to use AWS Cognito. They have great APIs, much better control over custom claims and authorization, and similar pricing. First 50k MAU are free, and every additional 10k costs only $55. My only concern is whether using an Azure Function to query the custom claims would be possible, or if we would need to create an AWS Lambda function to do this. And at that point, would it make sense to implement all APIs using Lambda? Another primary drawback to AWS Cognito would be that I suspect the React library is lacking a bit. It would likely require a wrapper library to be written in a similar fashion to the Azure AD React package.
Auth0 provides an easy-to-implement authentication system with a great polished user experience out-of-the-box. However, to support 50k users would be very expensive, and we would need to pay the fee for each environment tenant.
Azure AD B2C is not a great platform, and leaves lots to be desired as far as DX and user experience. But the pricing is FREE for up to 50k users, and negligible cost beyond that. Additionally, we could have as many tenants as we like and it would be free. Having the auth resources co-located next to the other cloud resources in Azure would make everything easier to administer.
The drawback, however, is that we would likely need to hire a vendor to redesign the login flows from scratch because the Azure AD user flows provided are beyond horrendous.