I built an Expo app on top of Hasura and rolled my own passwordless authentication mechanism and it was far far easier than using Auth0, imo. Auth was done using serverless functions to send emails with one-time-use tokens, to match the received one-time-use tokens with those generated in the database, and to return JWTs which the clients can use to auth later on and which grant access to different roles (it was an app with roles for managers, employees, etc.)
You can even implement refresh token / auth token with rotation relatively simply. I felt Auth0 makes these things complicated to implement, whereas implementing them took only a few days and the docs / help online on how to do so are very good these days.
+1 that's probably my favorite way of doing it - https://github.com/martin-hasura/blog-django-graphql-hasura Even Django REST Framework and Hasura works pretty well cause you get auth + then if you want to do functions you get that for 'free' as well
You can even implement refresh token / auth token with rotation relatively simply. I felt Auth0 makes these things complicated to implement, whereas implementing them took only a few days and the docs / help online on how to do so are very good these days.