Comments (15)
@acm-uiuc/project-groot So we have somewhat of a decision to make on how we progress: we can make a custom solution, or we can use Tyk, which has an API management CLI and dashboard. One is easier to manage (Tyk) but we don't know how it works. The other means more work and is harder to use, but we have full knowledge of how it works.
from groot-api-gateway.
As much as I hate adding more work to the project, I'm in favor of rolling our own - primarily because a) it gives us more control and b) we occasionally have some odd use-cases that "one-size-fits-all" technology (cough Django) doesn't work well for (cough multiple databases on one website).
Also, Tyk doesn't seem to have drop-in support for Atlassian Crowd (which, per Admin, we have to use) - not that we couldn't integrate them ourselves (since Tyk supports that), but IMHO that reduces Tyk to a fancy URL-to-API router (which is something nginx plugins and Admin can do).
There's also the fact that Tyk uses Mongo and Redis, which I also don't think Admin is willing to support (since they already support MySQL) - so we'd have to maintain our own database systems without their help.
tl;dr: Tyk is a nice idea, but given Admin's restrictions and our concerns about backwards compatibility it's probably not worth the additional cost vs doing it ourselves.
-Ace
Date: Sun, 25 Oct 2015 19:47:28 -0700
Subject: Re: [groot] API Gateway (#18)
The other option analogous to Tyk is Kong, which works off Cassandra. Can you explain more about the issue with Crowd?
The issue with Crowd is that it already provides us with access tokens. Though we can tell Tyk to store them or generate a separate token with Tyk for a Crowd-authenticated user, both options would involve us writing our own code since there's no drop-in integration between the two.
@ace-n what is the session/auth scheme for liquid, and should it persist? Since we are writing our own auth middleware we need to decide how long sessions last, where the walls are in our system (i.e. between client and gateway, or between client, gateway and services), and what our token to move around will be.
@sskhandek are you validating sessions on the client side or do you need the server to do it?
Here is the main question: do we need to authenticate requests between services? Because that reduces complexity hugely.
@narendasan I'm not too experienced on the difference in terms of performance if we did it on the client side vs server. Maybe @ace-n can add input.
Can you use the Crowd server to create auth tokens and then just have the service validate the token with Crowd?
- User is not logged in and tries to go to service.acm.illinois.edu. Service does not find a valid token in storage.
- User is redirected to Crowd SSO. They login to get a new token. This is saved in session storage.
- User is redirected back to service.acm.illinois.edu. Service finds token. Service makes POST request to Crowd (/session/) server to validate.
- If bad, go to 2. If good, proceed with request.
For an API, this is all the same, except the Token is passed via an HTTP Header instead of session storage. If using Node, consider writing a single Passport Strategy and dropping this into every service.
@ace-n do you know if Crowd can create auth tokens? If so, this is OAuth, which is perfectly fine; we just need to implement the integration. The second question is: do we need to authenticate anything behind the gateway, or assume that behind the wall everything is open?
- Crowd can create auth tokens that we can then verify with it.
- I would advocate for authing behind the gateway if it doesn't make things too complex, since it might yield a slight increase in security/tolerance for bugs.
For maximum security, each service should be doing its own auth through a standard library - i.e. every service verifies the token if/when it's called.
For ease-of-development, having an initial gateway and "assuming secure" behind it is probably better - but we would have to make sure people can't directly call the ungated API externally.
@ace-n can you give me more details on interfacing with ACM's instance of Crowd, like what the root URL is? A lot of the code in liquid is abstracted by the Crowd library.
Other than that, we have the first functioning link from frontend to user service now, through groot.
I will send you the Crowd URL privately. You will also need to ask Admin to set you up with an application name and password.
closed with acm-uiuc/groot#45