Authentication and Authorization Overview

A collection of resources and design solutions related to authentication and authorization in system design.

Terminology

  • SSO: Single Sign-On
  • CAS: Central Authentication Service
  • SAML: Security Assertion Markup Language
  • OIDC: OpenID Connect

OAuth2 & OIDC

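Authentication, that is, whether an identity is legitimate, is generally handled with OpenID Connect.
Authorization, that is, choosing which resources can be accessed, is generally handled with OAuth2.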

Identity-as-a-Service

Providers

Reference

  • Alibaba Cloud - IDaaS Glossary
  • Open Policy Agent (OPA): An open source, general-purpose policy engine.
  • Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Golang.
  • Dex IdP: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.
  • OAuth2 Proxy: A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

More Readings