How complex is it to plug an external auth provider

Hello Ghost contributors,

How complex is it to plug an external auth provider such as Auth0 or any cloud based authentification (AWS Amplify, firebase) ?

Or best, is it easy to bypass the authentification system by providing some tokens or just a call to a function that just does “hey this user xxx is connected” directly somewhere in the code ?

Cheers, A.