Why do you need authentication and authorization?
- About users:
  - Protect (sensitive) data by tying access to a verified user identity (authentication)
  - Ensure that the business operates in a secure way
- About the system:
  - Data of one tenant must not affect or leak to another tenant of the application
  - Each user type behaves differently and needs a different set of roles (authorization)
  - Service-to-service and user-to-service interactions are secured
...
Available solutions
- Self-built, either as a separate service or as part of the software
  - Pros: full control
  - Cons: time-consuming to build and maintain
- Use a 3rd-party identity provider such as Facebook, Google+, ...
  - Pros: quick development
  - Cons: dependent on an external organization
- Buy an enterprise solution: Cisco, IBM, Oracle, ...
  - Pros: full support, utilities
  - Cons: high cost
- Self-host an open source authorization server: Keycloak, ORY Hydra, ...
  - Pros: can be customized
  - Cons: complexity to develop and operate
Appropriate solution
- Keycloak as the IAM service
- Keycloak integrates with the Kong API gateway, applications, ...
- Keycloak supports Single Sign-On with Google as the identity provider for GitLab, Sentry, Mattermost, ...
Demo
- Demo authN with Single Sign-On
  - Sequence diagram
  - Log in to GitLab with basic authentication (username / password)
  - Log in to GitLab with a 3rd party (Google)
- Demo authZ
  - Sequence diagram
  - Designing roles
  - Assigning users to roles
  - Calling the API with Postman
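The authZ demo ends with Postman calling the API with a Keycloak access token. What the API (or the Kong gateway in front of it) has to do with that token before honouring a role is shown below as an added example in Go; it is not code from the page, from Keycloak or from Kong. It uses only the standard library: Mint stands in for the token endpoint of a Keycloak realm (in a real deployment the realm's RSA public key is fetched from the realm's JWKS endpoint instead of being generated locally), Verify is the resource-server check, and HasRole is the role decision on the claims Keycloak actually emits (realm roles in realm_access.roles, client roles in resource_access.<client>.roles). The realm URL, the client ID orders-api, the user alice and the role names are assumptions made up for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// roles is the shape of Keycloak's realm_access and resource_access.<client> objects.
type roles struct {
	Roles []string `json:"roles"`
}

// Claims is the subset of a Keycloak access token a resource server needs.
// "aud" is modelled as a single string; Keycloak emits an array when a token
// carries several audiences, which this demo does not cover.
type Claims struct {
	Iss               string           `json:"iss"`
	Aud               string           `json:"aud"`
	Exp               int64            `json:"exp"`
	PreferredUsername string           `json:"preferred_username"`
	RealmAccess       roles            `json:"realm_access"`
	ResourceAccess    map[string]roles `json:"resource_access"`
}

var b64 = base64.RawURLEncoding

// Mint signs claims as an RS256 JWT, playing the role of the realm's token endpoint.
func Mint(key *rsa.PrivateKey, c Claims) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify is what the API must do before trusting any claim: pin the algorithm,
// check the signature with the realm's public key, then expiry, issuer and audience.
func Verify(pub *rsa.PublicKey, token, issuer, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	rawHeader, err1 := b64.DecodeString(parts[0])
	rawBody, err2 := b64.DecodeString(parts[1])
	sig, err3 := b64.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("bad base64url")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(rawHeader, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg") // rejects alg=none and HMAC key-confusion downgrades
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims
	if err := json.Unmarshal(rawBody, &c); err != nil {
		return nil, err
	}
	switch {
	case now.Unix() >= c.Exp:
		return nil, errors.New("token expired")
	case c.Iss != issuer:
		return nil, errors.New("wrong issuer")
	case c.Aud != audience:
		return nil, errors.New("wrong audience") // a token minted for another client must not work here
	}
	return &c, nil
}

// HasRole is the authorization decision: the role may be granted at realm level
// or on the client this API is registered as in Keycloak.
func HasRole(c *Claims, clientID, role string) bool {
	for _, r := range append(c.RealmAccess.Roles, c.ResourceAccess[clientID].Roles...) {
		if r == role {
			return true
		}
	}
	return false
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the realm key (assumption)
	iss, aud := "https://keycloak.example.com/realms/demo", "orders-api"
	tok, _ := Mint(key, Claims{Iss: iss, Aud: aud, Exp: time.Now().Add(5 * time.Minute).Unix(),
		PreferredUsername: "alice", RealmAccess: roles{Roles: []string{"admin"}}})
	c, err := Verify(&key.PublicKey, tok, iss, aud, time.Now())
	fmt.Println(err, c != nil && HasRole(c, aud, "admin"))
}
```

Two checks in Verify are the ones most often skipped in gateway or application code and are worth pointing at during the demo: the alg pin (a token with alg=none carries no signature at all) and the aud check (without it, any token the realm issued for some other client is accepted by this API).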