Skip to content

Architecture Forum

Date: 2026-05-28

Agenda

  • Platform news
  • Singlefactor vs multifactor auth
  • Event design

Platform News

  • Swagger now shows auth requirements, including whether 1FA or 2FA is needed. See User for example
  • Logging fixes (Mesut).
  • Azure Service Bus support was removed.

Auth Guidance

  • Prefer 2FA whenever it is possible.
    (see Credit for how not do it.)
  • Firebase is only 1FA, be careful what type of data that is stored inside.

Event: Design

  • Use events to inform others that something happened.
  • Use messages to tell another area to do something.
  • Keep the naming clear:
    • SomethingHappenedEvent, i.e. TransactionCompletedEvent
    • DoSomethingMessage, i.e. SendEmailMessage

Event: Naming And Shape

  • Only one area should publish a given event, but many can subscribe.
  • Only one area should listen for a given message, but multiple areas can publish.
  • Keep events/messages fat enough that consumers do not need extra callbacks.
  • Avoid overly granular events when one broader event is enough, i.e. CardChangedEvent for all changes to card.

Event: Messaging Features

  • Use MessageOutbox for scheduled delivery.
  • The producer and consumer can be the same area for internal flows.
  • Event and message metadata is available through an optional IMessageMetadata parameter.

Event: Reliability Rules

  • Handlers must tolerate out-of-order delivery.
  • Handlers must tolerate duplicate delivery.
  • Handlers must tolerate concurrent processing.
  • Use IMessageMetadata when you need stable EventId or PublishedTimeUtc.