David Kimura PRO said about 4 years ago on From Devise to Auth0 :
It was a popular episode suggestion where due to compliance regulations (COPPA, CCPA, GDPR) they wanted to move from having an internal authorization mechanism to more of a hosted solution. Personally, I think in most cases Devise + Omniauth is suitable enough and I probably wouldn't implement Auth0. However, not having to worry about the authentication security portion is nice. Then again, if Auth0 is ever down, then from your end users' perspective, for all intents and purposes, you're site is also "down".