Arch Forum 2026-05-28

Participants: Backend Devs, Victor

Agenda

• Platform news
• Singlefactor vs Multifactor Auth
• Event Design

Summary

Platform news

• Swagger now includes Auth requirements (i.e. if 2FA or 1FA is needed)
  • https://stage-user.minority.com/swagger/index.html
• Logging fixes (Mesut)
• Removed Azure Service Bus support

Singlefactor vs Multifactor Auth

• Always prefer 2FA is possible.
• Since Firebase is only 1FA, always consider the sensitivity of the data stored in Firebase.

Events: Design

A review of our current design guidelines for events and there handlers. For more details see the slides used here

A discussion followed around how to best design event handlers that can handle concurrent events, events arriving out of order or duplicated events.

Several patterns or ideas were raised:

• A saga pattern could help here? But Sagas are quite heavy and can be difficult to implement, so they are difficult to get right.
• A inbox pattern to buffer events, i.e. keep the KycCompletedEvent in an inbox until a corresponding UserCreatedEvent have arrived.
• Optimisticly reschedule the out of order event for a little later and hope the depdency already arrived by then.
• Handle events arriving at the same time by locking by using the Distributed Lock from platform. (While it is quite easy, its important to not overly rely on the locking)
• Restructing and adjusting the code. I.e. use Upsert, or let the code try to update a column from A to B, and otherwise fail.
• We should remember to get help from AI. An AI can often spot places were its not handled properly, and implement fixes as well.