When I say reset password, I mean functionality to allow users to request that an email be sent with a link to reset their password and choose a new one. Not sure if that’s different from what you have in mind about forgot password.
And I said “most” because it’s not clear to me what some of these points include. For example “No confirmation emails for register / change password” may mean that you expect that ROS sends an email to the user to notify them that they’ve changed their password which doesn’t seem like critical functionality.
Ultimately, authentication is a very broad field and deciding when a system is production ready depends heavily on your app’s requirements. With the upcoming improvements, I’m fairly confident we’ll cover most apps’ needs, but for some advanced scenarios, such as two-factor authentication or sms verification, the password provider may never be considered “production ready”. This is why we’ve made it extremely easy to integrate with auth0 or similar services, whose entire business model is based on providing extremely feature rich authentication API. In terms of documentation, we have examples on integrating with cognito and will soon publish tutorials for auth0.
In any case, if you outline your app’s authentication requirements, I’d be happy to give you some broad timelines on when you can expect us to ship these features. We’d like to be as transparent as possible as we have no interest in misleading you into using our built-in auth providers if they’re not going to be complete enough by the time you launch your app.