Managing Authorization in Microservices

Discovering a way to manage authorization and permissions in a microservices architecture using authorization-as-a-service 🔐.

Authorizations in Microservices

When developing a monolithic application, managing authorizations and permissions is a bit easier since you have a single point of control for all authorizations and permissions. However, with the rise of microservices, this task becomes more complex.

In a microservices architecture, each service typically has its own database and logic for handling permissions. This can lead to duplication and inconsistency in how permissions are managed across services. Additionally, sharing permissions between services can become problematic.

One way to solve this issue is by using Authorization-as-a-Service 🔐. This approach involves creating a separate service dedicated to managing all authorizations for the various services within your architecture. This centralizes control, ensuring consistency and simplifying the management of permissions across your microservices. 🌐

Proof of Concept (POC) 🚀

Today, I’ll do a quick proof of concept (POC) to explore authorization management. I’ll use an open-source solution that provides this functionality; there are plenty of options available.

Some open-source solutions 🛠️

  • Permify
  • OpenFGA
  • Casbin
  • Topaz

Cloud solutions ☁️

  • There are good cloud solutions, such as Permit.io.

For today’s POC, I’ll be using Permify. ✅

Permify

  1. Run the Permify service on Docker and expose the HTTP and gRPC ports.

  2. Created a new tenant in Permify to store our policies.

  3. Created our schema, using the traditional RBAC model for simplicity 🔧. However, in real-world, complex applications, there are many models designed to handle complex use cases.

     In fact, Permify is considered a fine-grained access control service, inspired by Google’s Zanzibar. 🌐 This allows for more detailed and flexible permission management, making it suitable for more complex scenarios.

     Permify has a great article about their solution.

  4. Attached roles to our users.

  5. Created a simple Node.js service to test checking user permissions over gRPC via the Permify SDK.

  6. Created a wrapper to check user permissions.

  7. Final test.
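A fail-closed version of the permission-check wrapper from the steps above, as an added example rather than the post's own code. The request fields, the `ALLOWED` string, the tenant id and the in-memory `stubClient` are assumptions standing in for the Permify SDK's gRPC client so the block runs offline.

```javascript
// Added example: fail-closed permission wrapper for a central authorization service.
// `client` is any object exposing permission.check(request) -> Promise<{ can }>,
// the shape assumed here for the SDK's gRPC client. ALLOWED is a stand-in value.
const ALLOWED = "CHECK_RESULT_ALLOWED";

function createAuthorizer(client, { tenantId, timeoutMs = 500 }) {
  // Resolves to true only on an explicit allow. Errors, timeouts and malformed
  // responses are all treated as a denial.
  return async function can(userId, permission, entityType, entityId) {
    let timer;
    const timeout = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error("authorization timeout")), timeoutMs);
    });
    try {
      const res = await Promise.race([
        client.permission.check({
          tenantId,
          metadata: { depth: 20 },
          entity: { type: entityType, id: String(entityId) },
          permission,
          subject: { type: "user", id: String(userId) },
        }),
        timeout,
      ]);
      return Boolean(res) && res.can === ALLOWED;
    } catch (err) {
      return false; // fail closed: an unreachable authorizer never grants access
    } finally {
      clearTimeout(timer);
    }
  };
}

// Constructed stand-in for the service: RBAC role assignments keyed by
// "entityType:entityId#userId", plus a role -> permissions map.
function stubClient(roleOf, grants) {
  return {
    permission: {
      async check({ entity, permission, subject }) {
        const role = roleOf[`${entity.type}:${entity.id}#${subject.id}`];
        const ok = (grants[role] || []).includes(permission);
        return { can: ok ? ALLOWED : "CHECK_RESULT_DENIED" };
      },
    },
  };
}
```

Each service calls the returned `can(...)` before acting, so an outage of the authorization service results in denied requests rather than unchecked ones.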