Hey David, thanks for the read!
Accounts is a hard one, but since current Meteor Accounts is just an abstraction over your documents in MongoDB, you should be able to use Passport for authentication.
If you’re embracing GraphQL too, you could add the authentication service as another responsibility the GraphQL server can have. Thus, every request in and out of your GraphQL server has auth knowledge in arms reach.
Just a thought, we’re still trying to make sense of that too!