I am building a multi-tenant SaaS (software as a service) architecture. I have to build the authentication system for the system.
From what I have studied, I think I need to build the authentication system based on OAuth 2.0 and the bearer token with JWT tokens.
After reading a lot about OAuth 2.0 and how to build an OAuth 2.0 server, I still didn't understand the full concept of OAuth, and I am also confused about whether I need it or some other authentication system.
What my system needs is this: we will provide an SDK to all our customers, and each client will have an application ID and a secret key. Using the SDK, the client will connect to his application present in our system. The application ID will map the customer to his application present in our system, and the client secret key will authenticate the client inside the application. Do I still need to build an authentication system based on OAuth 2.0, or can I build my own authentication system based on our needs?
What are the use cases of OAuth 2.0, and when would we not need to implement it?
First, as clearly indicated in OAuth authentication
There is a standard for user authentication using OAuth: OpenID Connect, compatible with OAuth2.
In Go, you can look at coreos/dex, an OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connector.
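The application ID and secret key scheme described in the question has the same shape as the OAuth 2.0 client credentials grant (RFC 6749, section 4.4): the application authenticates as itself and receives a short-lived bearer token. The Go code below is an added example, not part of the original question or answer and not code from dex. `IssueToken`, `VerifyToken`, `apps` and `signingKey` are hypothetical names, the application ID, secret and signing key are constructed sample values, and it assumes secrets are long random keys, so only their SHA-256 hash is stored.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var signingKey = []byte("demo-signing-key") // constructed; a real key belongs in a secret store
var apps = map[string][32]byte{"app-123": sha256.Sum256([]byte("sample-secret-key"))} // constructed tenant
var header = base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

func sign(msg string) []byte {
	m := hmac.New(sha256.New, signingKey)
	m.Write([]byte(msg))
	return []byte(base64.RawURLEncoding.EncodeToString(m.Sum(nil)))
}

// IssueToken authenticates an application and returns a 15-minute HS256 JWT bound to its ID.
func IssueToken(appID, secret string, now time.Time) (string, error) {
	want, known := apps[appID] // the server stores only a hash of each secret key
	got := sha256.Sum256([]byte(secret))
	if !hmac.Equal(got[:], want[:]) || !known { // constant-time compare runs even for unknown IDs
		return "", fmt.Errorf("invalid application credentials")
	}
	body, _ := json.Marshal(map[string]interface{}{"app": appID, "exp": now.Add(15 * time.Minute).Unix()})
	unsigned := header + "." + base64.RawURLEncoding.EncodeToString(body)
	return unsigned + "." + string(sign(unsigned)), nil
}

// VerifyToken returns the application ID a token is bound to, or an error.
func VerifyToken(tok string, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal(sign(p[0]+"."+p[1]), []byte(p[2])) {
		return "", fmt.Errorf("bad token") // wrong shape, unexpected alg header, or bad signature
	}
	var c struct{ App string; Exp int64 }
	if raw, err := base64.RawURLEncoding.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid or expired token")
	}
	return c.App, nil
}

func main() {
	fmt.Println(IssueToken("app-123", "sample-secret-key", time.Now()))
}
```

Every later API call carries the token, and the server derives the tenant from the verified `app` claim rather than from any ID the caller sends alongside it.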