The Problem
Every Menoko product needs authentication. SC TradeMasters, StackSight, SL OnStage — they all need OAuth login, session management, and token refresh. Writing this three times is a waste.
The Solution
We extracted a shared NuGet package — Menoko.Auth — that handles the entire OAuth flow. One package, one config section, and you're done.
The middleware intercepts requests, validates JWT tokens, and manages refresh cycles. Each product just adds builder.Services.AddMenokoAuth() to their Program.cs and they're live.
What We Learned
Shared middleware only works if the contract is stable. We spent a day defining the interface before writing a line of implementation. That discipline paid off — three products integrated in under an hour each.
The hardest part wasn't the code. It was agreeing on the token claims schema across products with different user models. We settled on a minimal shared claim set with product-specific extensions.
What's Next
Rate limiting and API key auth are coming next. Same pattern — shared package, minimal config, zero product-specific code.