Authorizer core
Authorizer is developed using Golang. Authorizer core comes with:
- GraphQL API
- Email and Password login
- OAuth login
- Forgot password
- Update profile API
- Web application with a login page, sign up page, and forgot-password page. These can save hundreds of hours 🕰️
- Secure session management with HTTP cookie
How is Authorizer secure?
One can authorize users in two ways:
- Using HTTP Only cookie
- Using a JWT bearer token as part of the Authorization header
On successful login, Authorizer's server sends an HTTP cookie to the browser. Client applications can use the credentials: include option in fetch for further authorization. Users don't need to save this cookie in localStorage or sessionStorage. This helps us prevent XSS or CSRF attacks.
Client applications can also save the access_token received on successful login in memory and use it as a JWT bearer token in the Authorization header.
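The two client-side options described above, as an added example (not Authorizer's own client code): one request builder that relies on the HTTP-only cookie until an access_token is set, then switches to the bearer header. The endpoint URL, the query text, the token value, and the choice to omit cookies in bearer mode are assumptions of this example.

```javascript
// Added example: not Authorizer's own client code.
// The endpoint URL and the GraphQL query text are hypothetical placeholders.
function createAuthClient(endpoint, fetchImpl = globalThis.fetch) {
  if (new URL(endpoint).protocol !== "https:") {
    throw new Error("refusing to send credentials over a non-HTTPS endpoint");
  }
  let accessToken = null; // lives only in this closure, never in web storage

  // Call with the access_token from a successful login, or null on logout.
  function setAccessToken(token) {
    accessToken = token || null;
  }

  // Build the fetch() arguments for one GraphQL call.
  function buildRequest(query, variables = {}) {
    const headers = { "Content-Type": "application/json" };
    const init = { method: "POST", headers, body: JSON.stringify({ query, variables }) };
    if (accessToken) {
      // Way 2: JWT bearer token in the Authorization header.
      headers.Authorization = `Bearer ${accessToken}`;
      init.credentials = "omit"; // this example's choice: no ambient cookie with the token
    } else {
      // Way 1: let the browser attach the HTTP-only session cookie.
      // Cross-origin, the server must allow credentials for this origin (CORS).
      init.credentials = "include";
    }
    return { url: endpoint, init };
  }

  // Send the request and unwrap the GraphQL response envelope.
  async function graphql(query, variables) {
    const { url, init } = buildRequest(query, variables);
    const res = await fetchImpl(url, init);
    if (!res.ok) throw new Error(`request failed: HTTP ${res.status}`);
    const { data, errors } = await res.json();
    if (errors && errors.length) throw new Error(errors[0].message);
    return data;
  }

  return { setAccessToken, buildRequest, graphql };
}

// Constructed usage: hypothetical endpoint, query and token value.
const client = createAuthClient("https://auth.example.com/graphql");
const PROFILE_QUERY = "query { profile { email } }";
const cookieRequest = client.buildRequest(PROFILE_QUERY);
client.setAccessToken("constructed.jwt.value");
const bearerRequest = client.buildRequest(PROFILE_QUERY);
```
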
Why Golang?
- Highly performant
- Uses the gin web framework, with best benchmarks
Why GraphQL API?
- Isomorphic schema
- Client applications can request only the data that is required
- In the future, we can stitch with other schema and offer schema-based permissions and user graph
Note: You can always use the GraphQL API as a REST API with the appropriate request body
Last updated on March 20, 2022