Friday, December 25, 2020

Scalable authentication service

Modern applications should be horizontally scalable. In that case a load balancer sits in front of the application and forwards each request to one of several nodes; each node runs its own copy of the application. The data are stored in a database that replicates between nodes. Almost any database engine, SQL or NoSQL, can be replicated, but modern NoSQL databases such as Redis, Amazon SimpleDB or MongoDB are usually the easiest to set up for replication.


If your application keeps sessions in a database, every node has to reach the same shared database, and every request costs a database lookup. For applications that will scale horizontally, it is better to hold the user information in a form that each node can validate on its own, for example a JSON Web Token.

JWT was introduced as a way for two parties to exchange claims that the receiver can verify. Although a JWT can be carried over any kind of communication channel, today it is most commonly used for handling authentication and authorization over HTTP.

How JSON Web Tokens work

Simply put, you take the data and compute a keyed fingerprint (a signature) from it, using a key that the recipient either shares with you or can check against. You attach the fingerprint to the data and send both. The recipient recomputes the fingerprint from the received data with its key and compares it with the one attached. If the two match, the data have not been altered and were produced by a holder of the key. A plain hash would not be enough here: anyone who changed the data could simply recompute it.

There are more details. The token is divided into three parts: header, payload and signature. The header says which signing algorithm was used (for example HS256 or RS256). The payload may carry additional claims, such as the time of issue and the expiration time, but it mainly carries data. In the case of an authentication service the data are about a user, for example e-mail, name and id. The last part is the signature, computed over the header and the payload. Each part is base64url encoded and the three are joined with dots. Note that base64 is an encoding, not encryption: anyone who holds the token can read the payload, so it must not contain secrets.

Token

Pimp

Pimp is a lightweight authentication server based on JSON Web Tokens, released under the MIT licence. It is written in JavaScript and runs on Node.js. It uses MongoDB to store its data. In addition to the public API, it includes user management, token management and event logging.

Public API

  • POST /api/v1/login 
  • POST /api/v1/refresh

For more details, please visit the project on GitHub.