Well, honestly I just hoped that I could get away with auth and profile management just from the client-side. Even if this microservice/proxy is dead simple, it’s just one more thing that we need to build and maintain.
On the other hand, I can see the security reasons behind this decision, so… let’s build a proxy.