Regarding the first scenario, what I was trying to say is that you
cannot get the full functionality of AEM without syncing users. I
suppose in some limited use case, this might work, but I've rarely seen a
case where only authentication was necessary or appropriate. After
all, if you are authenticating users, it is usually to give them some
kind of value in having done that authentication, which means some level
of authorization as well.