The issue is virality, i.e. derivative work of the AGPL software should also be AGPL, so it's unlikely that serious companies would be willing to take the risk of potentially exposing their entire non-auth stack to AGPL and having to argue the line for what would be derivative work and what is not.
Many big companies have blanket policies either banning AGPL completely, or require strict legal review.
Re the payment question: it is a common SaaS licensing model to dual license under AGPL and a commercial license. AGPL serves as a deterrent for business customers to use it without purchasing the commercial license.
Yes, the use of AGPL as part of the stack certainly raises concerns. I don't think it would apply in this case, but equally I am not a lawyer, and i don't want to pay lawyers to fight over it, so personally I don't use AGPL in my stack, validating your point.
Many big companies have blanket policies either banning AGPL completely, or require strict legal review.
Re the payment question: it is a common SaaS licensing model to dual license under AGPL and a commercial license. AGPL serves as a deterrent for business customers to use it without purchasing the commercial license.