
So it turns out that when you outsource auth, you also outsource some of the governance on who can access your platform.

Isn't access control a set of patterns rather than a service? When did it stop being a core competency of web applications?



I think you're missing the point of Okta. It's not for access control to your specific application. It's for companies to deal with many groups of users and on/off boarding easily.

It transforms "Andy is andy@foo on service A, AndyA on service B, aaaandy on service C, maybe has two factor enabled on some of them and hopefully hasn't joined other groups to give them access" into "Andy is andy@company in Okta and we can turn services on/off and set policies as needed".


> When did it stop being a core competency of web applications?

Turns out, login is surprisingly hard. It will be the first and most important focus point for attackers - SQL injections, DDoS attacks, captchas, griefers intentionally using wrong passwords to lock someone else out... with Okta and other products of its kind, all an application developer needs to do is to check some token.

Another huge part is that in the "old" world there was only one player for any kind of centralized authentication: LDAP. While there were and are multiple LDAP server implementations (OpenLDAP, MS AD, Samba and a bunch of smaller ones), only Microsoft's AD has a somewhat comfortable and usable management application - but even that is using old-school Windows UI and you need a MS desktop to manage it. Everyone else? Either use Apache Directory Studio, some barely working web management UI (phpldapadmin, GOsa) or heaven forbid plain LDIF files.

In contrast, working with any of the "modern authentication" solutions is a breeze.


I’m curious to know if there are any OSS alternatives for similar services.


Ory, Keycloak, Authelia and a bunch of others come to mind if that's exactly what you're looking for.


If you just need OAuth2 + OpenID Connect, you can install a library from your Open Source package repository of choice.


Keycloak



