Authorizer core
Authorizer is developed using Golang. Authorizer core comes with:
- GraphQL API
- Email and Password login
- OAuth login
- Forgot password
- Update profile API
- Web application with a login page, sign up page, and forgot-password page. These can save hundreds of hours 🕰️
- Secure session management with HTTP cookie
How Authorizer is secure?
One can authorize users in two ways:
- Using HTTP Only cookie
- Using JWT bearer token as part of
Authorizationheader
On successful login, Authorizers server sends HTTP cookie to the browser. Client applications can use credentials:include option infetch for further authorization. User don't need to save this cookie in localStorage or sessionStorage. This helps us prevent XSS or CSRF attack.
Client applications can also save access_token received on successful login in memory and use it as JWT bearer token as Authorization header.
Why Golang?
- High performant
- Uses gin web framework, with best benchmarks
Why GraphQL API?
- Isomorphic schema
- Client applications can request the data that is only required
- In the future, we can stitch with other schema and offer schema-based permissions and user graph
Note: You can always use GraphQL API as a rest API with the appropriate request body
Last updated on March 20, 2022