Authorizer core

Authorizer is developed using Golang. Authorizer core comes with:

  • GraphQL API
  • Email and Password login
  • OAuth login
  • Forgot password
  • Update profile API
  • Web application with a login page, sign up page, and forgot-password page. These can save hundreds of hours 🕰️
  • Secure session management with HTTP cookie

How is Authorizer secure?

One can authorize users in two ways:

  1. Using HTTP Only cookie
  2. Using JWT bearer token as part of Authorization header

On successful login, Authorizer's server sends an HTTP cookie to the browser. Client applications can use the credentials: 'include' option in fetch for further authorization. Users don't need to save this cookie in localStorage or sessionStorage. This helps us prevent XSS or CSRF attacks.

Client applications can also keep the access_token received on successful login in memory and send it as a JWT bearer token in the Authorization header.
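The two modes above, sketched as a small browser client. This is an added example, not code from the Authorizer project; the endpoint URL and the names buildRequest and createClient are assumptions made for illustration.

```javascript
// Added example; ENDPOINT and the function names are assumptions, not Authorizer APIs.
const ENDPOINT = "https://auth.example.com/graphql"; // placeholder URL

// Build fetch() options for a GraphQL call in one of the two modes described above.
function buildRequest(mode, query, variables, accessToken) {
  const init = {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ query, variables: variables || {} }),
  };
  if (mode === "cookie") {
    // The browser attaches the HTTP-only session cookie; script never reads it.
    init.credentials = "include";
  } else if (mode === "bearer") {
    // Choice made in this example: send the token only, never cookies as well.
    init.credentials = "omit";
    // No token yet (e.g. the login call itself) means no Authorization header.
    if (accessToken) init.headers.Authorization = `Bearer ${accessToken}`;
  } else {
    throw new Error(`unknown mode: ${mode}`);
  }
  return init;
}

// The token lives in this closure only: not in localStorage or sessionStorage,
// so it is gone after a page reload and the user has to obtain a new one.
function createClient(mode, fetchImpl = globalThis.fetch, endpoint = ENDPOINT) {
  let accessToken = null;
  return {
    setToken(token) { accessToken = token; }, // access_token from the login response
    clearToken() { accessToken = null; },     // on logout
    async request(query, variables) {
      const init = buildRequest(mode, query, variables, accessToken);
      const res = await fetchImpl(endpoint, init);
      const { data, errors } = await res.json();
      if (errors && errors.length) throw new Error(errors[0].message);
      return data;
    },
  };
}
```
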

Why Golang?

Why GraphQL API?

  • Isomorphic schema
  • Client applications can request the data that is only required
  • In the future, we can stitch with other schema and offer schema-based permissions and user graph

Note: You can always use the GraphQL API as a REST API with the appropriate request body.