Conversation

not only is it possible, it's actually easier tbh x509 client certificates are also great but the ui for them is atrocious
1
the trick is really just to design your web properties with an abstracted-out authentication system do not assume password auth; do not bake it into your product
1
here's an idea: make your system use oauth bearer tokens and then reverse-proxy pluggable translation mechanisms to various authentication interfaces, you're welcome
1
1