At work we have 20+ React apps served through Express.js, deployed for different enterprise customers, and every customer wants a different auth setup. Some still use CAS. Some want Keycloak. Some use Entra ID / Azure AD.

Over time this became painful to maintain because every app had slightly different middleware, session handling, token refresh logic, Redis session setup, random edge-case fixes, etc. Supporting both browser sessions and bearer-token APIs made it even messier.

I eventually got tired of repeating the same auth work across so many apps and started building a common layer internally to handle all of it. Curious how others are solving this in Node/Express apps?

submitted by /u/saurabh_shalu