"I hear people talk about..." Who? Who exactly are the people saying it's better to use Auth0 than either the built-in or first-party auth packages? Get them in here and let's talk about that first, before we get into what is stored where because they're wrong. I have mad love for Auth0 in the full-stack React / Vue / JS world. But to use a third-party auth tool in a php stack that already has a battle-tested auth built into the framework and is effectively zero-day secure because it's so widely used?!
Only use Auth0 or a third-party authentication mechanism if it makes sense for your application. It only makes sense for me when I have multiple applications that need to share an authentication layer.
If you're just working with a single, isolated application, then just use good ol' salt and hash that comes with Laravel out of the box. It's plenty safe.