The Foundation of Identity — OutaStory Joins the Auth0-for-Startups Program
Photo: FlyD on Unsplash
The new OutaStory isn't public yet at all. There's no landing page to show off, no stories to link to, no button to press. What there is, is a machine room — and in that machine room, one of the most important decisions of all is being made right now, long before anyone gets to see it: How do people sign in to OutaStory?
This week brought news I was genuinely happy about: OutaStory GmbH has been accepted into the Auth0-for-Startups program. Auth0 is the specialist that runs a platform's identity infrastructure — everything around sign-in, login with Google or Apple, forgotten passwords, multi-factor confirmation. Sounds unspectacular. But it's exactly the part you should tinker with the least. And that's precisely why this acceptance means so much for a small team.
This post sits a little outside the usual order — it's being written before the actual dev-log series about the relaunch even begins. But it belongs at the start, because this is where a foundation gets poured that everything else will later stand on. I want to tell three things: who Auth0 is, why identity is the most delicate foundation of a platform for people of all ages — and what the program concretely enables for a young company.
Who is Auth0?
Photo: George Prentzas on Unsplash
Auth0 is an identity platform — today a company owned by Okta, one of the big names in identity. Put simply, Auth0 solves a problem that every application with user accounts has, and one that's surprisingly hard to get right: Are you really who you claim to be — securely, conveniently, and across every conceivable sign-in path?
What's behind it is more than a user ever sees:
- Login and registration — with email and password, but just as much via "Sign in with Google" or "Sign in with Apple," without us having to maintain code for each of these paths ourselves.
- Multi-factor authentication (MFA) — the second confirmation via app or code, which means a stolen password alone doesn't cause damage.
- Account recovery — the "forgot password" path, which has to be secure without becoming a back door.
- Protection in the background — detection of suspicious sign-ins, brakes against automated attacks, hygiene around sessions and tokens.
The crucial part: Auth0 doesn't do this on the side, but as its core business — audited, certified, and hardened over years. Outsourcing identity to such a specialist means relying on something that others have already proven under far harsher conditions than I ever could alone.
Why identity is the most delicate foundation
Photo: Amol Tyagi on Unsplash
Now for the part that's really close to my heart. OutaStory is meant to become a platform for people of all ages — for adults reading in the evening, just as much as for young readers. As soon as accounts come into play, people entrust something to you: their email address, their name, possibly more. And with younger users, that trust weighs doubly. That's not a technical footnote, it's a responsibility.
From that follows a simple, hard rule for me: identity is the part you don't improvise. A wobbly layout can be fixed later. An unfortunate navigation decision can be rebuilt. But a homegrown sign-in system that turns into a data leak a few months down the road can't be "fixed later" — by then the damage is already done. Reading aloud, browsing, writing: all of that can be experimental and in flux. The door to the account cannot.
Concretely, "doing it right" means for me:
- We never store passwords ourselves. The most sensitive thing a platform can hold never even reaches us.
- We don't rebuild multi-factor authentication ourselves. We use something proven instead of inventing our own, unaudited variant.
- Every sign-in is a door — and a door is only good if it reliably closes and opens easily for those who are authorized. Achieving both at once is exactly the craft Auth0 specializes in.
- Privacy is built in, not bolted on. As a German company under the GDPR, I need to know from the very start which identity data lives where and who processes it. With an established provider, that's a question you can answer, not a blind flight.
In other words: the most invisible feature of the entire platform is also the one where a mistake would be the most costly. That's exactly why it comes first — and exactly why it should stand on the shoulders of someone who does nothing else.
What "Auth0 for Startups" concretely brings
Photo: Paymo on Unsplash
A support program is always also a sober calculation, and I want to be honest about what it means — and what it doesn't. "Auth0 for Startups" is not a discount on a feature we would otherwise have skipped. It's the chance to build the good version from day one, instead of the cheap one for cost reasons.
What the program includes:
- One year free of charge, with the full feature set of Auth0's B2B Professional tier — not the stripped-down entry level, but what paying enterprise customers otherwise get.
- Up to 100,000 monthly active users. That's far more headroom than a launch needs — and that's exactly the point: we can grow without sign-in becoming the first bottleneck.
- Access to support and solutions engineering. When a tricky question comes up during the build, there's someone on the other end who knows identity inside out — especially in the phase where every foundational decision is hard to change later, that's worth its weight in gold.
For a small team, that's more than saved money. It's tailwind to take the foundation seriously. Without such a program, the temptation is great to pick the cheapest solution for sign-in at first and upgrade "later, once things are running." Only that "later" almost never comes at a good time for identity — either it's too early (no time) or too late (something already happened). The program takes that lazy compromise off the table: we build the resilient version right away, because we can afford to.
Part of the program is that you show the partnership openly — and I'm glad to. Auth0 will get a permanent spot on OutaStory's future partner page, alongside the other companies whose shoulders the platform stands on. It feels right to make the foundations visible, precisely because they otherwise stay invisible.
What this means going forward
As I said, this post is being written before the public beginning. There are no numbers to report yet, no stories, no users — just a decision made quietly, whose value will only show over time. But it's the kind of decision I don't want to regret later: putting sign-in, the account, identity on solid ground from the start, instead of on sand.
When the new OutaStory eventually goes public, signing in should feel so natural that nobody thinks about it for even a second. That's exactly the goal of good identity infrastructure: that you never notice it. If this post reads like an inconspicuous footnote in a year or two, then we got everything right here.
Until then: the work in the machine room continues. The first visible stone is laid — even if, for now, only I can see it.
— Thimo
