Authorizer core
Authorizer is developed using Golang. Authorizer core comes with:
- GraphQL API
- Email and Password login
- OAuth login
- Forgot password
- Update profile API
- Web application with a login page, sign up page, and forgot-password page. These can save hundreds of hours 🕰️
- Secure session management with an HTTP cookie
How is Authorizer secure?
One can authorize users in two ways:
- Using HTTP Only cookie
- Using JWT bearer token as part of the Authorization header
On successful login, Authorizer's server sends an HTTP cookie to the browser. Client applications can use the credentials: include option in fetch for further authorization. Users don't need to save this cookie in localStorage or sessionStorage. This helps us prevent XSS or CSRF attacks.
Client applications can also save the access_token received on successful login in memory and use it as a JWT bearer token in the Authorization header.
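The two client-side options described above, as an added example that is not Authorizer's own code: a small wrapper that keeps the access_token in a closure (in memory only) and falls back to the HTTP-only cookie when no token is held, for instance after a page reload. The endpoint URL, the createAuthClient name and the injected fetchImpl parameter are assumptions made for illustration.

```javascript
// Added example. ENDPOINT is a hypothetical URL; createAuthClient is a
// hypothetical helper, not part of Authorizer.
const ENDPOINT = 'https://auth.example.com/graphql';

function createAuthClient(endpoint, fetchImpl) {
  // The token lives only in this closure: never in localStorage or
  // sessionStorage, so it is gone after a page reload.
  let accessToken = null;

  // Build the fetch() init object for one GraphQL call.
  function buildInit(query, variables = {}) {
    const init = {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ query, variables }),
    };
    if (accessToken) {
      // Option 2: JWT bearer token in the Authorization header.
      init.headers.Authorization = `Bearer ${accessToken}`;
      init.credentials = 'omit'; // do not send the cookie as well
    } else {
      // Option 1: let the browser attach the HTTP-only session cookie.
      init.credentials = 'include';
    }
    return init;
  }

  // Send the call and surface GraphQL errors as exceptions.
  async function request(query, variables) {
    const res = await fetchImpl(endpoint, buildInit(query, variables));
    const payload = await res.json();
    if (payload.errors && payload.errors.length) {
      throw new Error(payload.errors[0].message);
    }
    return payload.data;
  }

  return {
    buildInit,
    request,
    setAccessToken(token) { accessToken = token; },
    clearAccessToken() { accessToken = null; },
  };
}
```

In a browser, pass `fetch.bind(window)` as fetchImpl. For a cross-origin call with credentials: 'include', the browser only exposes the response when the server answers with Access-Control-Allow-Credentials: true and a non-wildcard Access-Control-Allow-Origin.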
Why Golang?
- Highly performant
- Uses the gin web framework, with the best benchmarks
Why GraphQL API?
- Isomorphic schema
- Client applications can request only the data that is required
- In the future, we can stitch with other schemas and offer schema-based permissions and a user graph
Note: You can always use the GraphQL API as a REST API with the appropriate request body.