douwaif22244 2016-05-13 07:35
Views: 182
Accepted

Single sign-on authentication in Golang

I am trying to build a multi-tenant architecture in golang where there will be different services like Service-A and Service-B. Each service will run on a different server, and I want the user to have a single sign-in solution and get authenticated in all the services offered.

Just like what Amazon AWS or Google does: it has many different services like Amazon CloudFront, Amazon EC2 and Amazon S3, all services are authenticated through a single login, and logout from one service results in logout from all connected services.

I am trying to implement this in golang. So far I found OpenID Connect coreos/dex, but it lacks docs explaining its API and architecture.

What would be the best architecture to design such authentication system?

I think using a JWT token I can achieve it. Will this architecture be secure, or is there any better solution for this?

My Approach

                          -----------------        
                          |               |    shared
                          |               |   env file
                          |SERVICES A     |---------------|       
           AUTH HEADER    |               |               |
           JWT TOKEN      |               |               |
        |---------------> -----------------               |                     
    ---------            ------------------   shared      |
    |       |            |    SERVICE B   |  env file     |                    
    |Login  | -----------|                |-----------    |               
    |Browser|            |                |          |    |  
    ---------            ------------------          |    |
        | |                                          |    |   
   Login| |"JWT_TOKEN RESPONSE"                      |    |   
        | |                                          |    |   
    --------------   environment file               ------------   
    |            |----------------------------------|          |
    | Main Server|                                  |          |
    |            |                                  |JWT_SECRET|    
    --------------                                  |="secret" |          
                                                    ------------
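
An added example (not part of the original post, and not code from any project mentioned in it) of the flow in the diagram above: the main server signs an HS256 token with the shared JWT_SECRET, and each service verifies it with the algorithm pinned and expiry checked. It uses only the Go standard library; `Claims`, `Issue`, `Verify`, `demoSecret` and the secret value are hypothetical names and constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // hypothetical names throughout; this is an added example
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) // the only header accepted
var demoSecret = []byte("constructed-demo-secret")                     // constructed; stands in for the shared JWT_SECRET

func sign(secret []byte, msg string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

func Issue(secret []byte, sub string, exp time.Time) string { // main server, after login
	p, _ := json.Marshal(Claims{Sub: sub, Exp: exp.Unix()})
	msg := header + "." + b64.EncodeToString(p)
	return msg + "." + sign(secret, msg)
}

func Verify(secret []byte, tok string, now time.Time) (*Claims, error) { // Service A / B
	parts := strings.Split(tok, ".")
	if len(parts) != 3 || parts[0] != header { // alg is pinned, never taken from the token
		return nil, fmt.Errorf("malformed token or unexpected alg")
	}
	if !hmac.Equal([]byte(parts[2]), []byte(sign(secret, parts[0]+"."+parts[1]))) {
		return nil, fmt.Errorf("bad signature")
	}
	var c Claims
	pb, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil || now.Unix() >= c.Exp {
		return nil, fmt.Errorf("invalid or expired claims")
	}
	return &c, nil
}

func main() { fmt.Println(Verify(demoSecret, Issue(demoSecret, "alice", time.Now().Add(time.Minute)), time.Now())) }
```

Because HS256 is symmetric, every service that holds JWT_SECRET can mint tokens as well as verify them; an asymmetric algorithm such as RS256 lets Service A and Service B verify without being able to issue. A stateless token also stays valid until its `exp`, so logging out of all services at once needs short lifetimes or a shared revocation check.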

1 answer

  • drnf593779 2016-05-13 15:10

    While your solution will certainly work, it could make writing the browser/mobile/general frontend part of your application more complex, and possibly slower.

    For example you might end up effectively JOINing data in the frontend. You make one request to service A, then use the information returned there to make additional requests to service B. This is a bad experience for the user.

    One new concept that companies like Netflix and SoundCloud are pioneering is the backend for frontend pattern, which is a server-side adaptor for each type of frontend device that can handle authentication and aggregate the connections to the downstream services.

    This answer was selected as the best answer by the asker.