Auxy - Authenticated Proxy

[TheConnMan]

Business Case

Microservice architectures require a large number of public and private APIs serviced by many individual services. Internal services may directly service public APIs, but don't need the added responsibility of handling multi-tenancy or authentications. These still need to be authenticated, though the endpoints should not be duplicated through an authenticated public API.

Auxy handles authentication and multi-tenancy as an authenticated internal API proxy. It handles authentication at the edge, but only proxies requests internally instead of duplicating them reducing memory pressure, common object dependencies, serialization/deserialization, and development complexity.

Workflow

• Requests come in to the public API fronted by Auxy
• Auxy handles an existing authentication token or credentials
• Auxy checks the validity of these credentials or token
  • If they are invalid requests are denied at the edge
  • If they are valid Auxy adds a tenant or user identifier header to the request
• Auxy checks the request path and proxies the request to the appropriate service

MVP

• Handle basic auth
• Handle adding and validating an auth token
• Basic DB support with migrations for a user and/or tenant table for authentication
• File based config for proxy paths to services
  • Instead of proxy paths this proxy could be just middleware. If any multi-target proxying is needed routing could be done behind this proxy.

Additional Features

• OAuth support from Google, Twitter
• Additional DB support (DynamoDB?)