Databases

Supported Databases

• Postgres (opens in a new tab)

  Sample connection string: postgres://username:password@localhost:5432/postgres

• Yugabyte (opens in a new tab)

  Sample connection string: postgres://username:password@localhost:5432/postgres

• CockroachDB (opens in a new tab)

  Sample connection string: postgres://username:password@localhost:5432/postgres

• MySQL (opens in a new tab)

  Sample connection string: username:password@tcp(localhost:port)/database_name

• PlanetScale (opens in a new tab)

  Sample connection string: username:password@tcp(localhost:port)/database_name

• MariaDB (opens in a new tab)

  Sample connection string: username:password@tcp(localhost:port)/database_name

• SQLite (opens in a new tab)

  Sample connection string: test.db

• SQLServer (opens in a new tab)

  Sample connection string: sqlserver://gorm:LoremIpsum86@localhost:9930?database=gorm"

• MongoDB (opens in a new tab)

  Sample connection string: mongodb://localhost:27017

• ArangoDB (opens in a new tab)

  Sample connection string: https://root:password@localhost.arangodb.cloud:8529

• CassandraDB (opens in a new tab)

  Sample config

    DATABASE_TYPE=cassandradb
    DATABASE_HOST="db connection string"
    DATABASE_USERNAME="test"
    DATABASE_PASSWORD="*********"
    DATABASE_CERT="Base64 encoded cert string"
    DATABASE_CERT_KEY="Base64 encoded cert key"
    DATABASE_CA_CERT="Base64 encoded CA cert"

  Note for CassandraDB: If you are using cloud provider like DataStax (opens in a new tab), they don't allow creating keyspace. So please make sure you have keyspace named authorizer created from their GUI (opens in a new tab).

• ScyllaDB (opens in a new tab)

  Sample config

    DATABASE_TYPE=scylladb
    DATABASE_HOST ="192.168.0.1,192.168.0.2,192.168.0.3"
    DATABASE_USERNAME="scylladb"
    DATABASE_PASSWORD="*********"

Note: New environment variable is introduced - DATABASE_NAME: as database name, is not part of connection URL in case of arangodb and mongodb.

• DynamoDB (opens in a new tab)

  Sample Config

  DATABASE_TYPE=dynamodb
  AWS_REGION=ap-south-1
  AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY
  AWS_SECRET_ACCESS_KEY=YOUR_SECRET

• Couchbase (opens in a new tab)

  Sample Config

  DATABASE_TYPE=couchbase
  DATABASE_URL="couchbase://127.0.0.1"
  DATABASE_USERNAME="scylladb"
  DATABASE_PASSWORD="*********"
  COUCHBASE_BUCKET="authorizer" // if not specified authorizer is default value
  COUCHBASE_BUCKET_RAM_QUOTA=1000 // if not specified 1000 MB is the default value
  COUCHBASE_SCOPE="_default" // if not specified _default scope is used.

Tables / collections created and used by Authorizer

• authorizer_users - store the basic user information
• authorizer_verification_requests - store the email verification / forgot password verification requests
• authorizer_sessions - store the user sessions generated

Data Store used for Authorization

With each user request, for which we want to make sure that user is making request with correct permissions, we need to validate HTTP Cookie / Authorization Header. JWT tokens send via request headers can still be manipulated, so in order authorize user we should not only validate JWT but validate them against the long living token stored on server. To improve the throughput/response time for each request we need to make sure that authorization doesn't take long time to resolve. Hence we need in-memory store.

Currently, Authorizer Supports two in-memory stores

• Redis (opens in a new tab) - persisted as long as a Redis server is on / user logs out.
• In-memory - stores in the memory of the current machine. Not recommended for production as machine memory might be less. Also, data it saves data till the system stops / restarts.