Isn’t that kind of old school? Keeping credentials on the backend.

Isn’t it better the use something like auth0 or Cognito, let them keep creds, generate the JWT and let the backend verify based on what the front end sends?