Typically starting a product we might not be entirely sure what we want to build. We have a rough idea that we want to help product owners create roadmaps or researchers manage their ideas or whatnot, and while sorting out completely what we want to build we can always start with the necessities. So we built the authorization system! This happened with a previous client.
We were implementing a minimum viable product (MVP) based on their previous work. While scoping out the initial layout we added in the signup flow for users. Upon deliberation with the client, we found that it was not strictly needed, so we removed it from the scope. To this day I am quite sure it still has not been implemented and is not strictly needed. Money saved, more time with the family!
Anyways, on the contrary, case complexities arise, we spend time tweaking the passwordless signup flow. We implement JWT cause, hey, we want to support microservices, and so on.
As is usual, we lose interest in the problem, or we have to attend something else for a while, and the idea leaves us and flies to another person, or even worse, never gets built. Now managers are stuck with their inefficient ways of doing roadmaps and the scientists will need to figure out another way to organize their knowledge.
An alternative is, at least in the beginning, to remove authorization from the idea and focus on what is essential. This requires us to make some realization, to change the vision, to build something different. This is hard, we need to get rid of our darling. But how is this possible?
Say you want to make a shared word editor. Something like Google Docs. Would this be possible without an authorization system? Indeed it is. Actually, the predecessor to Google Docs was made without authorization. One would merely go to a website, start a new document, and share the link with their friends. The security would be in the random name of the document. Good enough for enterprise and national secrets? Merely, but good enough to showcase collaborative editing which has since been refined, with fully featured authorization into successful products.