Somewhere someone convinced us all that "Authentication/Authorization" are hard problems that we should leave to third parties.