I'm currently working on a project that uses a multi-zone architecture, where each zone represents a distinct feature or app. Since each of these zone apps will eventually require its authentication/authorization, I'm trying to figure out the best approach to manage auth across the entire system.

Auth quirks on my side since its an enterprise app: SSO w/Microsoft Entra

Some specific questions I have:
Token Management: If using tokens (or sessions), how can I manage token sharing and session management efficiently across different zones while keeping the user experience seamless?
Best Practices & Tools: Are there any recommended design patterns, libraries, or frameworks that work well in such a multi-zone setup? Have any of you faced challenges with similar architectures, and how did you overcome them?
Security Considerations: What potential security pitfalls should I be aware of when handling authentication in a distributed system like this?
Centralized vs. Decentralized Auth: Should I implement a centralized authentication system for all zones, or is it better to handle auth individually within each zone?