|
| 1 | +--- |
| 2 | +title: "Managing authorizations in microservices." |
| 3 | +date: 2024-08-09T20:11:50+03:00 |
| 4 | +draft: false |
| 5 | +description: "Discovering a way to manage authorizations and permissions in a microservices architecture using authorizations-as-service." |
| 6 | +image: "/images/journey/auth-as-service.png" |
| 7 | +imageBig: "/images/journey/auth-as-service.png" |
| 8 | +categories: |
| 9 | + ["journey", "authorization", "permissions", "permify", "microservices"] |
| 10 | +avatar: "/images/avatar.webp" |
| 11 | +--- |
| 12 | + |
| 13 | +## Authorizations in Microservices |
| 14 | + |
| 15 | +While developing a monolithic application, managing authorizations and permissions is a bit easier, as you can have a single point of control for all the authorizations and permissions. However, microservices have become a bit more complex. |
| 16 | + |
| 17 | +In a microservices architecture, each service has its own database and logic for handling permissions. This can lead to a lot of duplication and inconsistency in the way permissions are managed across services. also, there will be an issue of sharing the permissions across services. |
| 18 | + |
| 19 | +One way to solve this issue is to use an authorization-as-service. This means that you have a separate service that is responsible for managing all the authorizations for all the services in your architecture. |
| 20 | + |
| 21 | + |
| 22 | +### POC |
| 23 | + |
| 24 | +Today I will do a quick proof of concept. I will use an open source that provide this functionality, there are a lot, |
| 25 | + |
| 26 | +#### Some of Open source solutions |
| 27 | +- perimfy |
| 28 | +- openfga |
| 29 | +- casbin |
| 30 | +- topaz |
| 31 | + |
| 32 | +#### Cloud solutions |
| 33 | +- there are good cloud solutions like [Permit.io](https://www.permit.io) |
| 34 | + |
| 35 | +For today poc I will use [Permify](https://permify.co/). |
| 36 | + |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +1. Run the permify service on docker and expose HTTP and GRPC ports. |
| 41 | + |
| 42 | + |
| 43 | +--- |
| 44 | + |
| 45 | +2. Created a new tenant at permify to store our policies |
| 46 | + |
| 47 | + |
| 48 | +--- |
| 49 | + |
| 50 | +3. Created our schema, I used here the traditional RBAC model for simplicity. but in the real world and complex apps, there are a lot of models for complex use cases. Actually, Permify is considered as fine-grained access control service inspired by `Google’s Zanzibar`. |
| 51 | + |
| 52 | + Permify has a gread article about their solution [Here](https://docs.permify.co/permify-overview/authorization-service) |
| 53 | + |
| 54 | + |
| 55 | +--- |
| 56 | + |
| 57 | +--- |
| 58 | + |
| 59 | +4. Attached roles to our users |
| 60 | + |
| 61 | + |
| 62 | +--- |
| 63 | + |
| 64 | +5. Created a simple nodejs services to test check user permissions using GRPC via permify sdk. |
| 65 | + |
| 66 | + |
| 67 | +--- |
| 68 | + |
| 69 | +--- |
| 70 | + |
| 71 | +6. Created a wrapper to check user permissions. |
| 72 | + |
| 73 | + |
| 74 | +--- |
| 75 | + |
| 76 | +7. Final Test |
| 77 | + |
| 78 | + |
| 79 | +--- |
0 commit comments