Skip to content

The demonstration of modern authentication using BFF pattern and authorization enforcer using OPA

License

Notifications You must be signed in to change notification settings

thangchung/bff-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Why BFF for Authentication?

TODO

When to use BFF Auth with Cookies-based

  • Used:
    • Cookies (Same site) and move the authentication to the trusted backend
    • Use a dedicated backend for SPA now and move the security to the trusted backend
    • Azure does not support introspection or the revocation endpoint so you cannot invalidate the tokens, or logout an Azure SPA fully. BFF removes this problem
  • Not used:
    • High load apps or cross domain with high load
    • In this case, please use tokens, but it has a risk of tokens to be robbed in the client-side

Get starting

  • Start frontend
# Start front-end
> cd frontend/bff-auth-nextjs
> yarn dev
  • Start backend
# Start auth-server, BFF server, and sale-api
> tye run
  • Go to https://localhost:8080, and start to play with it

High level architecture

Hosts and Services

No. Name Technical Stacks URI
1 Gateway (BFF Auth) .NET 6 (YARP) https://localhost:8080
2 Duende.IdentityServer .NET 6 https://localhost:5001
3 Product API Rust (Axum, Tower, Hyper, Tokio) http://localhost:5003
4 Sale API Golang (fiber) http://localhost:5004
5 Ship API (TODO) .NET 6 http://localhost:5005
5 Web Nextjs http://localhost:3000

References

About

The demonstration of modern authentication using BFF pattern and authorization enforcer using OPA

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published