Evaluate Hydra for Auth Server

[drasko]

Hydra looks as very well written OAuth2 and RBAC + Access Policy server: https://blog.gopheracademy.com/advent-2015/hydra-auth/

Code seems well maintained, tests are written.

Looks like a great candidate for Mainflux Auth Server. We need to evaluate it and eventually integrate it.

[drasko]

Do we need Hyrda - it is there if you want to be Identity Provider. You must bring your IdM, they are suggesting AuthBoss. Also there is this one: https://github.com/janekolszak/idp

[mijicd]

As more as I'm reading about it, I am less convinced that we need to introduce Hydra at this point of development. It sure is a very good solution but I am not sure that we need it at all.

[drasko]

Agreed.Me neither. We talked about this scenario before:

• You are making a web app that relays on Mainflux for services
• Your web app is muti-user, but under the hub these users are Mainflux users
• When user tries to log it is redirected to Mainflux login

From me this is Oauth2.0 OpenID Connect flow, but maybe I am wrong. In that case Mainflux must be Oauth2.0 Identity Provider.

This is second phase IMHO, we can come back to this later. But if we need IdP, maybe it is worh looking at something like this: https://github.com/janekolszak/idp, so we can leverage Hydra later?

Here: https://ory-am.gitbooks.io/hydra/content/what-good.html:
Hydra is not something that manages user accounts. Hydra does not offer user registration, password reset, user login, sending confirmation emails. This is what the Identity Provider ("login endpoint") is responsible for. The communication between Hydra and the Identity Provider is called Consent Flow. Auth0.com is an Identity Provider. We might implement this feature at some point and if, it is going to be a different product.

[drasko]

Hydra is something to look if we ever need OAuth 2.0. Closing the issue for now.