Great article. Authentication and authorization in a microservices/microfrontend is definitely a paradigm shift. Here's the problem I usually run into:
Because you're going micro, the context you need to determine whether someone is authorised or not cannot be duplicated across the microservices. Having a shared service, or having such context stored at the identity provider (which will let that context manifest in claims) is also not desirable because doing so will not make the microservices truly independent.
So, my question is: Do you have an idea on what's the best way to solve that problem?
(Maybe the answer to this question is going to be a little too long for a response: I'd love to read an article about it, preferably one that's written by you! ;-) )