Lets say you have a corporate app that serves thousands of internal users that has its backend hosted on a separate webserver. This app can implement super simple auth by having the backend query the company's AD server to prove identity, then fetch what is allowed to be viewed and store the session in a third party cookie.
An app like this is probably not ideal for outward facing sites but I have seen apps like this serve its purpose very well as an internal app and the simplicity allows it to have less tech overhead.
An app like this is probably not ideal for outward facing sites but I have seen apps like this serve its purpose very well as an internal app and the simplicity allows it to have less tech overhead.