Here are a few reasons why not, although each one has reservations:
- If you only authenticate through one external service, anyone who does not use this service cannot use yours.
- If your external authentication service is disabled, users will not be able to use yours until it is back up; similarly, a slowdown of their authentication server will also affect you.
- Users are required to authenticate with another service, requiring them to accept that service's EULA, which may be a turning point for some; similarly, it connects you morally with what your authentication service accepts. In particular, this can make you a companion, assistant or partner of the auth site, as users should see their logo every time they try to use your service.
- The external auth domain takes a perfect snapshot of your viewers, giving them a lot of information about what your company is doing. Because their analytic tools and staff are generally second to none, they may know more about your user base than you.

The main way to avoid this problem is to allow people to use the service of their choice, and not just one service. If you are limited in development, then, to limit development time, using OpenID is the best option, since many other authentication domains also qualify as OpenID, and therefore resolve most of the above problems.