I am trying to build a multi-tenant architecture in golang where there will be different services like Service-A and Service-B. Each service will run on a different server, and I want the user to have a single sign-in solution and get authenticated in all the services offered.

Just like what Amazon AWS or Google does: it has many different services like Amazon CloudFront, Amazon EC2, Amazon S3, and all services are authenticated through a single login, and logout from one service results in logout from all connected services.
I am trying to implement this in golang; so far I have found OpenID Connect (coreos/dex), but it lacks docs explaining its API and architecture.

What would be the best architecture to design such an authentication system? I think using a JWT token I can achieve it. Will this architecture be secure, or is there a better solution for this?
My Approach

                                       -----------------
          AUTH HEADER JWT TOKEN        |               |  shared env file
        |----------------------------->|  SERVICE A    |---------------------|
        |                              |               |                     |
        |                              -----------------                     |
        |                              -----------------                     |
        |                              |               |  shared env file    |
        |----------------------------->|  SERVICE B    |---------------------|
        |                              |               |                     |
   -----------                         -----------------                     |
   |         |                                                               |
   |  Login  |                                                               |
   | Browser |                                                               |
   -----------                                                               |
      |    ^                                                                 |
Login |    | "JWT_TOKEN RESPONSE"                                            |
      v    |                                                                 |
   ----------------       environment file        ----------------------     |
   |              |-------------------------------| JWT_SECRET="secret" |-----|
   |  Main Server |                               ----------------------
   ----------------
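The flow sketched above, written out as an added example (not the asker's code): the main server issues an HS256 token with the shared JWT_SECRET after login, and Service A or B verifies it locally with the same secret, using only the Go standard library. The `jti` claim and the `revoked` map are assumptions standing in for whatever store the main server would update when the user logs out, so that a logout anywhere is honoured by every service before the token expires.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
var enc = base64.RawURLEncoding // JWT segments are unpadded base64url
// Claims carried in the token; "jti" lets the main server revoke one token on logout (assumed claim).
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"` // expiry as Unix seconds
	Jti string `json:"jti"`
}

func sign(secret []byte, input string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return m.Sum(nil)
}

// Issue runs on the main server after a successful login.
func Issue(secret []byte, c Claims) string {
	payload, _ := json.Marshal(c) // Claims holds only plain fields, so Marshal cannot fail
	input := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	return input + "." + enc.EncodeToString(sign(secret, input))
}

// Verify runs in Service A or B with the shared JWT_SECRET. HS256 is fixed and the header is never
// consulted (no "alg":"none" downgrade); the HMAC is compared in constant time, then expiry and the
// logout revocation list are enforced.
func Verify(secret []byte, token string, now int64, revoked map[string]bool) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	sig, derr := enc.DecodeString(parts[2])
	if derr != nil || !hmac.Equal(sig, sign(secret, parts[0]+"."+parts[1])) {
		return c, errors.New("bad signature")
	}
	if p, perr := enc.DecodeString(parts[1]); perr != nil || json.Unmarshal(p, &c) != nil {
		return Claims{}, errors.New("bad payload")
	}
	if now >= c.Exp || revoked[c.Jti] { // revoked jtis are published by the main server on logout
		return Claims{}, errors.New("expired or revoked by logout")
	}
	return c, nil
}
```

Because every service holds the same secret, any one of them can also mint tokens for all the others; signing with an asymmetric algorithm (RS256 or ES256) and keeping the private key only on the main server removes that risk while leaving the services' verification step the same.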