I wrote an article about this: https://ciamweekly.substack.com/p/ciam-for-the-single-applic...

The tl;dr of the article is that there are auth specific features that are not differentiated but that users expect. Just like you might outsource pieces of functionality like data storage and message sending to specialized servers/libraries/applications, you can do the same with authentication.

The article could use some improvements, tbh, it is 2.5 years old.