That's easy to answer: It is not architected, it is organically grown.
Product A adds a sign-in. Product B from another team adds another sign-in. Products C, D, E do the same. Each team has some special magic sauce that makes their system work better with their product, but worse with all others.
Now the corporate infighting starts, as management squeezes all these sign-in systems together, and everyone loses if any other but their system wins. So some compromise is created, based more on political prowess than technical requirements. The result is an API from hell, taking fragments from everyone, even if they conflict. Everyone pushes and pulls their existing systems until it fits in the compromise, trying to minimize damage. Weird cracks appear everywhere.
We've all seen the organizational charts meme:
https://www.euroresidentes.com/tecnologia/noticias-internet/...
Remember how each organization builds a solution based on their organogram. Look at Microsoft in the meme. Look at the sign-in mess. Understand.
I predict strange, probably exploitable and surely unsolvable problems in the MS sign-in system for at least the next decade, just like their programming practices of the '90s had entirely predictable security consequences for a decade when the internet appeared.
And it's crucial to understand we're well past the point where anyone (or likely even a small team) knows all the places that Microsoft auth is entangled with. Thus unknown, undesirable interactions occur just because it's too big for someone to know that the interaction would occur.