Authentication layer, structure and microservice #259

kachar · 2021-05-01T05:54:00Z

kachar
May 1, 2021
Maintainer

We need authentication layer to be used by the graphql-gateway in order to authenticate requests before sending them to their destination microservice.

It will be best if this layer also provides a frontend authentication mechanism/library for easier integration just like https://github.com/supabase/gotrue-js handles the frontend layer of https://github.com/netlify/gotrue

Reading material:

GoTrue

Overview

Supported providers

Google
GitHub
GitLab
Azure
Facebook
Bitbucket
Twitter
Apple

Pros

works with postgres out of the box
can manage storage authentication and ACL https://supabase.io/blog/2021/03/30/supabase-storage
works with Row Level Security (RLS) via policies
has client libraries for js, c#, go
has rest interface

Cons

Keycloak

Overview

Supported providers

https://www.keycloak.org/docs/latest/server_admin/#social-identity-providers

Google
Facebook
Twitter
GitHub
LinkedIn
Microsoft
Stack Overflow

Pros

Cons

separate application
integrates with redirects

NextAuth.js

Overview

Supported providers

Apple
Auth0
Credentials
Discord
Email
Facebook
GitHub
Google
Instagram
LinkedIn
Okta
Slack
Twitter
VK
Atlassian, Azure Active Directory B2C, Basecamp, Battle.net, Box, Bungie, Amazon Cognito, Coinbase, Dropbox, EVE Online, FACEIT, Foursquare, FusionAuth, GitLab, IdentityServer4, Kakao, LINE, Mailchimp, Mail.ru, Medium, Netlify, Osso, Reddit, Salesforce, Spotify, Strava, Twitch, WordPress.com, WorkOS, Yandex, Zoho, Zoom,

Pros

nice frontend integration

Cons

no backend authentication between microservices

cefothe · 2021-06-12T18:54:34Z

cefothe
Jun 12, 2021

During the analyst of Keycloak, the redirects are not required. Because the Keycloak is a separate application we can scale it out of the box and give us the flexibility to extend the functionally that provides to us.

0 replies

cefothe · 2021-06-12T19:08:31Z

cefothe
Jun 12, 2021

Based on GitHub, the last release of GoTrue is last year which is a red flag in my head. But https://github.com/jrapoport/gothic looks pretty OK. So we can try that, the pros: written in Go, active community but the last release was March.

3 replies

cefothe Jun 14, 2021

@kachar What you think about that?

kachar Jun 14, 2021
Maintainer Author

It looks more advanced than the base netlify version, which is good

I like that this project supports more providers via goth https://github.com/markbates/goth

Gothic uses goth for external oauth providers now. Now we support everything that goth supports.

I'm not sure how it compares to the Supabase fork of gotrue, which is still activelly maintained at https://github.com/supabase/gotrue

The latest release has been 19 days ago

As it's part of supabase core products I'm pretty sure they'll maintain it for the community on the long run.

cefothe Jun 14, 2021

We can try both projects and check them how they work ... But almost 100 % supabase fork will more easy at the begging.

cefothe · 2021-06-12T19:31:41Z

cefothe
Jun 12, 2021

We can check https://medevel.com/iam-systems-10-identity/ for more ideas and tools that we can use. We can try to use something like GoThic or KeyClock both of them are definitely good choices that we can use.

0 replies

cefothe · 2021-06-12T19:54:16Z

cefothe
Jun 12, 2021

I am not sure if the free version of https://supabase.io/pricing will make sense for us.

14 replies

cefothe Jun 14, 2021

Some s3 alternatives https://geekflare.com/self-hosted-s3/.

kachar Jun 14, 2021
Maintainer Author

Let's split that in separate storage related discussion, the link seems promising. Would you start one?

preslavgerchev Jun 15, 2021

If we go for supabase as an auth layer, does that mean we should strongly consider Kong as a gateway? I would imagine it makes sense to simply extend the existing Kong deployment in that case and get both? 👀

cefothe Jun 15, 2021

@preslavgerchev It looks like the most simple way is to start with supabase as an auth layer and Kong as a gateway. We are searching for something that will give us a more easy and fast way to bootstrap the main part of the project. And defiantly the supabase is a promising solution.

About the second point, I can't get what you mean with the existing Kong deployment, is that mean we already have Kong in the project.

preslavgerchev Jun 15, 2021

It was more of a note than anything that Kong is deployed as part of the supabase stack. In theory we could reuse this deployment for API gateway purposes as well, although I am not sure how feasible or desirable that is 😄

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authentication layer, structure and microservice #259

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 4 comments 17 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Authentication layer, structure and microservice #259

kachar May 1, 2021 Maintainer

GoTrue

Overview

Supported providers

Pros

Cons

Keycloak

Overview

Supported providers

Pros

Cons

NextAuth.js

Overview

Supported providers

Pros

Cons

Replies: 4 comments · 17 replies

kachar Jun 14, 2021 Maintainer Author

kachar Jun 14, 2021 Maintainer Author

kachar
May 1, 2021
Maintainer

Replies: 4 comments 17 replies

kachar Jun 14, 2021
Maintainer Author

kachar Jun 14, 2021
Maintainer Author