Pure social authentication

FYI I read SSO as single sign-on, not social login, but I assume you are asking to support third-party auth over OAuth in dbAuth.

Personally, this is a slippery slope towards implementing a full-featured authentication service inside Redwood and is something I am not in favor of.

If you are not careful you’ll have to build soooo much. Mail. Password strength. Auditing. Admin api. Callback whitelisting. App and user metadata. Multiple identity provider support. Account blocking. Login attempt anomaly detection. IP address spoof detection. Token refreshing.

Then you’ll want passwordless and magic link. And then SMS one-time password authentication. And then support for multiple phone providers.

Oh and then 2FA or even MFA.

And then you’ll have to do GDPR protection on all your user profile data.

And what happens if your password salt is compromised? Or you leak the hashes?

Where will it end?

I see dbAuth as a lightweight and limited alternative to the authentication-as-a-service providers, and one that should be used with some understanding of its limitations. It’s nice to get you started.

Authentication isn’t just a user record in a database. It’s a product.
