Is it possible to use Authn as a library in any Go project?

[frederikhors]

It would be amazing to use Authn as a library in any Go project (like does https://github.com/volatiletech/authboss), without the need to call another service on each API call.

Is this already possible?

[cainlevy]

Hi @frederikhors,

without the need to call another service on each API call.

When you use one of the backend integration libraries, your application will automatically cache the public keys necessary to validate a token. They will only need one API call an hour, maybe, as keys rotate.

It may be possible to run AuthN as a library, but I'm not sure what would distinguish AuthN vs any other in-process solution. The process isolation is the main benefit.

[frederikhors]

It may be possible to run AuthN as a library

How? Is there any docs?

I'm not sure what would distinguish AuthN vs any other in-process solution

There are no good in-process libraries for Go.

[cainlevy]

Wow, I didn't realize that. What's your take on the Authboss library you linked originally?

There aren't any docs for using AuthN as a library, and I haven't thought through the scenario enough to write them on the spot. However, I think you'll find the code is organized in a way that lets you reference the internals using standard Go import paths. You might look at importing the routing table, or the services used to implement business logic for HTTP handlers.

Note that this would be a DIY path. I don't plan to officially support it, because the tradeoff in the security model doesn't appear to be worth optimizing away the API traffic that exists.

[frederikhors]

What's your take on the Authboss library you linked originally?

Problems, like this.

I don't plan to officially support it

Ok. Thanks.