1

I am currently working on a project that involves setting up a microservices architecture with centralized authentication, authorization, and secret management.

I want to implement a centralized authentication and authorization system similar to Google's ecosystem. Google provides a seamless login experience across its various services like Gmail, Photos, Keep, Google Cloud Platform (GCP), and APIs (e.g., Google Maps and Books), all using the same Google account. How does Google manage this, and what are the best practices to apply this type of structure in my project?

Tech Stack: React.js, Node.js, Express, MongoDB, PostgreSQL, Own server setup at the office (no third-party services like AWS)

Requirements:

  1. Centralized Authentication and Authorization:
  • Users should be able to log in once and access multiple services (similar to Google's ecosystem where a single login provides access to Gmail, Drive, etc.).
  • Implement JWT-based authentication.
  • Support for user roles and permissions.
  1. API Gateway:
  • A single entry point for all services.
  • Route requests to the appropriate microservice.
  • Token validation at the gateway level.
  1. Secret Management:
  • Securely store and manage secrets (API keys, database credentials, etc.).
  • Centralized service for secret management that microservices can query.
  1. Microservices:
  • Multiple independent services that can communicate securely.
  • Example services include authentication, data processing, and other domain-specific functionalities.

I would greatly appreciate any guidance, best practices, or resources on how to structure and implement this architecture effectively. Any sample project structures, code snippets, or tutorials would be extremely helpful.

What I've Done So Far:

  1. Implemented basic JWT authentication in a Node.js service.
  2. Set up individual microservices with Docker.
  3. Started configuring an API gateway using Express.js.

Challenges:

  1. Structuring the project to maintain all microservices together effectively.
  2. Implementing centralized authentication and authorization.
  3. Setting up a robust secret management system.
  4. Ensuring secure communication between services.
Improve this question
1
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Commented Jul 28, 2024 at 10:36

1 Answer 1

Reset to default
1

Replace your basic authentication service by Keycloak (https://www.keycloak.org/). Create users and give them roles (or better, composite roles).

For each GUI, configure a client into Keycloak, and have the GUI delegate authentication to Keycloak. This way you'll have SSO, and a unified login.

Into each microservice, check the roles into the JWT to authorize or not the access.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I don't want to use any service, I want to create everything independently.
I understand, and even approve, except for the security part. It is so hard to make it right, and so time-consuming to keep it right, that I strongly advise you to use an open-source battle-proof component like Keycloak (or any other component that suits you).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.