A scalable stateless Authorization Service for Federated Identities including Google and Facebook
EGO is an Authorization Service built to provide Single Sign-On for the various microservices in an application. EGO works with Identity Providers such as Google and Facebook to provide social logins in the application. EGO provides stateless authorization using JWT (JSON Web Tokens) and can scale very well to a large number of users.
Interactive documentation of the API is provided using Swagger UI.
When run locally this can be found at: http://localhost:8081/swagger-ui.html
EGO Architecture
Here are some of the features of EGO:
- Single Sign on for microservices
- User-authentication through Federated Identities such as Google, Facebook, Github (Coming Soon), ORCID (Coming Soon)
- Uses JWT (JSON Web Tokens) for Authorization Tokens
- Built using well-established frameworks: Spring Boot, Spring Security
The application is written in Java using the Spring Boot and Spring Security frameworks.
- Spring Security
- JWT (JSON Web Tokens): This project uses jjwt library for JWT related features.
- OpenID Connect
The goal of this quick start is to get a working application quickly up and running.
Set the API_HOST_PORT where ego is to be run, then run docker compose:
API_HOST_PORT=8080 docker-compose up -d
Ego should now be deployed locally with the Swagger UI at
http://localhost:8080/swagger-ui.html
- Install Postgres
- Create a Database: ego with user postgres and empty password
- Execute the SQL script to set up tables.
- EGO currently supports three profiles:
  - default: Use this to run the simplest setup. This lets you test various API endpoints without a valid JWT in the authorization header.
  - auth: Run this to include validations for JWT.
  - secure: Run this profile to enable HTTPS.
- Run using Maven. Maven can be used to prepare a runnable jar file, as well as the uber-jar for deployment:
$ mvn clean package
To run from command line with maven:
$ mvn spring-boot:run
An ego JWT has a format similar to the one described in the RFC kf-auth-rfc. An example ego JWT is shown below:
{
  "alg": "HS512"
}
.
{
  "sub": "1234567",
  "iss": "ego:56fc3842ccf2c1c7ec5c5d14",
  "iat": 1459458458,
  "exp": 1459487258,
  "jti": "56fd919accf2c1c7ec5c5d16",
  "aud": [
    "service1-id",
    "service2-id",
    "service3-id"
  ],
  "context": {
    "user": {
      "name": "[email protected]",
      "email": "[email protected]",
      "status": "Approved",
      "firstName": "Demo",
      "lastName": "User",
      "createdAt": "2017-11-23 10:24:41",
      "lastLogin": "2017-11-23 11:23:58",
      "preferredLanguage": null,
      "roles": ["ADMIN"]
    }
  }
}
.
[signature]
- The "aud" field can contain one or more client IDs. This field indicates the client services that are authorized to use this JWT.
- "groups" will differ based on the domain of the client services: each domain of service should get the list of groups from that domain's ego service.
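How a client service might validate a token of the shape shown above before trusting its claims, as an added example that is not EGO's own code (EGO is written in Java and uses jjwt). It is written with the Python standard library only; the shared secret, the function names and the sample token are assumptions constructed for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS512 key shared with the token issuer
SAMPLE_CLAIMS = {  # constructed sample, values taken from the example JWT above
    "sub": "1234567", "iss": "ego:56fc3842ccf2c1c7ec5c5d14",
    "iat": 1459458458, "exp": 1459487258,
    "aud": ["service1-id", "service2-id", "service3-id"],
}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs512(header: dict, claims: dict, secret: bytes) -> str:
    """Build a compact JWT; used here only to construct sample tokens."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64url_encode(hmac.new(secret, body.encode(), hashlib.sha512).digest())

SAMPLE_TOKEN = sign_hs512({"alg": "HS512"}, SAMPLE_CLAIMS, SECRET)

def verify_ego_jwt(token: str, secret: bytes, client_id: str, now=None) -> dict:
    """Return the claims if the token is valid for client_id, else raise ValueError."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS512":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha512).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or missing exp")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if not isinstance(aud, list) or client_id not in aud:
        raise ValueError("token not issued for this service")
    return claims
```

The order of checks matters: the signature is verified before any claim is read, and the "aud" check means a token issued for one service is refused by a service whose client ID is not listed.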