I gave an interview recently. The question was that you have already created a web app and now now want to enable user login /logout and signup related servives from the functional perspective as you want only authentic autharized users to use your service .
So I said I will use the amazon cognito service as that gives you out of the box sign up from gmail/facebook etc as well but he was interesed in custom signin-signup . So he said how will you handle that. So I said that can be handed by amazon cognito or other othentication providers .
He still was not convinced . he give me hint. So he said that there are laws which needs to be abided for authentication and authorizarion and one such law dictates that a develper should not be able to print the username and password for his end customer and that is the reason to direct most of our calls to third party services like cognito ; but then how do you hadle your username and password and reset password something which is associated with you .
Overall i was not selected but i wanted to know how are things of sign in and sign up user flows are handled .