When you own the platform and source code, then you always have a "break window" escape of updating the code. You can also have it fail open only when requests are coming from the internal network, or have a fail-safe authentication mechanism that allows authentication with a super-admin password that can be used "in case of emergencies."
Everything has/should have a "break window" escape, and yes, that's a security weakness, but I don't see many alternatives to that.
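An added example, not part of the original comment: one way to bound the emergency path it describes. This sketch's own choice is to require both conditions together (internal source address and the emergency password) and to honour them only while the primary authenticator is unreachable. The network range, salt, secret and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import logging

log = logging.getLogger("auth.breakglass")

# Assumed for this example: internal range, salt and emergency secret are constructed.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SALT = b"constructed-salt"
# Only a slow hash of the emergency password is stored, never the password itself.
BREAK_GLASS_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"constructed-emergency-secret", SALT, 100_000)


class IdPUnavailable(Exception):
    """Raised by the primary authenticator when its backend cannot be reached."""


def is_internal(source_ip):
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is never treated as internal
    return any(ip in net for net in INTERNAL_NETS)


def check_break_glass(password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, BREAK_GLASS_HASH)  # constant-time compare


def authenticate(user, password, source_ip, primary_auth):
    """Return "ok", "denied" or "break-glass"; primary_auth is a hypothetical callable."""
    try:
        # Normal path: the emergency password has no effect while the primary works.
        return "ok" if primary_auth(user, password) else "denied"
    except IdPUnavailable:
        pass
    # Primary is down: stay closed for anything outside the internal network.
    if not is_internal(source_ip):
        log.warning("primary auth down, denied external %r from %r", user, source_ip)
        return "denied"
    if check_break_glass(password):
        # Every use of the emergency path is logged at a level that should alert.
        log.critical("BREAK-GLASS login as %r from %r", user, source_ip)
        return "break-glass"
    log.warning("primary auth down, bad emergency credential from %r", source_ip)
    return "denied"
```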