Comment by mooreds

> Outsourcing auth does not make much sense IMO. The less you can split your state over multiple services the fewer problems you will have.

I agree with the general principle. Fewer moving pieces make for more stable applications ("choose boring technology"[0]).

However, I was wondering what you do when you have more than one application that the same userbase wants to access. I can see 3 options:

1. make them register/have credentials for each application (not a great user experience)

2. use a standalone auth server and deal with the increased complexity

3. pick one of your applications to 'own auth' and have the other applications delegate to it. congrats, you've just invented a standalone auth server that is coupled to one of your apps

What am I missing?

0: https://boringtechnology.club/