auth server examples / boilerplates

[tirumaraiselvan]

Details:

Currently, auth/user management is delegated to a preferred choice of external auth service. A simple self managed service could be username/password based service on the same Postgres database as Hasura.

The service should have the following APIs:

1. /register : Register a user using username and password.
2. /login: Check creds and return an auth token.
3. /resolve: Get auth token (from header), resolve it and return X-Hasura-User-Id and X-Hasura-Allowed-Roles

Deployment instructions:

1. A migrations script (for required tables) should be included.
2. A simple way to deploy on (any) cloud should be included.

[elitan]

There are some community initiatives on GitHub:
https://github.com/elitan/hasura-backend-plus
https://github.com/DevSpeak/hasura-simple-auth

[plmercereau]

Hello,
Another boilerplate with JWT and implement multiple roles management through x-hasura-allowed-roles: https://github.com/platyplus/authentication-server

[mnlbox]

@elitan, @plmercereau, @DevSpeak Thanks guys but we can add one complete example to community folder of official repo (this repo) for simpler access.

Now my question is which one of above example are better? 🤔

[mnlbox]

@tirumaraiselvan, @elitan, @plmercereau, @DevSpeak Now Hasura support react-admin I think it can be useful if selected boilerplate can support user management task (create user, role, reset users password, ...) thought a GUI admin panel too.

What is your opinion?

[elitan]

Maybe we should include these repo links in the community/README.md file so it is searchable and easy to access for new users?

[mnlbox]

@elitan Yes I'm agree. Also a small comparison between these three solution can help user to select between these options.

[plmercereau]

Hello,
I did a PR with the above repository.
@mnlbox about the missing features you are mentioning, the assumption I made in this boilterplate is that this authentication service would connect to the same Postgres database Hasura would use.
I then manage users and roles as much as possible through the Hasura GraphQL API, for instance to update user profiles, allocate roles etc.
The missing endpoints so far are the ones related to password management, as password are encrypted in the database. I haven't decided yet whether I would put password modification, reset etc in the boilterplate, or if I would postgres functions that would be exposed through the graphql engine. The heavy lifting could then be handled by another service through a webhook (such as sending emails to reset password etc)
I don't know if that makes senses but I hope my two cents will help somehow. I drafted some limitations in my boilerplate readme and would be happy to get some help, especially about the JWKS endpoint as I am really stuck on this one.
Cheers