
Module Description for Module ‘Auth’ v1

Version

Version 1

Module Type

Non-Standard

Internal Name

auth

Status

Draft

Description

In version 1, the Auth module is intentionally minimal. Its sole responsibility is to allow users to log in and receive a Token that grants access to the system. All Authentication is delegated to external providers (e.g., Keycloak, Auth0, Okta), and no internal mechanisms such as session management, Token refresh, or MFA are implemented. The module simply acts as a gateway: users authenticate via the external provider, and upon success, a Token is issued and returned for use in subsequent API calls.

External Authentication Providers (examples):

Clarifications

  • External Provider Reliance: Authentication logic is fully outsourced to trusted external providers. Users log in through these providers, and the resulting Token is used for system access.
  • Token-Based Authentication: The issued Token (typically a JWT) is the only credential needed to validate access across the system. Every API request must include this Token as a bearer Token.
  • Minimal Functionality: Only basic login and Token issuance are supported in version 1. Advanced features such as session management, Token renewal, and multi-factor Authentication will be considered in future releases.
  • Security Focus: As the module does not handle sensitive credentials directly (the external provider manages these), it minimizes internal security overhead while relying on the robust security measures of the external Authentication provider.

This approach simplifies implementation and testing, providing a solid foundation for future enhancements while ensuring secure, Token-based access to the platform.
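
The bearer-Token check described under Clarifications, as an added example that is not the module's own code. It assumes an HS256-signed JWT with a shared secret so that it runs on the Python standard library alone; the secret, issuer, audience and function names are hypothetical, and a deployment that trusts an external provider would verify against that provider's signing keys instead.

```python
import base64, hashlib, hmac, json, time

# Assumed values for illustration; none of them come from the module description.
SECRET = b"constructed-demo-secret"
ISSUER = "https://idp.example.test/"
AUDIENCE = "platform-api"

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, alg="HS256", key=SECRET):
    """Build a constructed sample token (stands in for the external provider)."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"

def check_bearer(authorization, now=None):
    """Return the claims if the header carries a valid token, else raise ValueError."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("missing or malformed bearer token")
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers base64, JSON and UTF-8 decoding errors
        raise ValueError("undecodable token") from exc
    # Pin the algorithm: never let the token's own header choose it ("none", etc.).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if not isinstance(claims, dict):
        raise ValueError("claims must be a JSON object")
    # No refresh or session exists in v1, so exp is the only bound on Token lifetime.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    # aud is assumed to be a single string here.
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    return claims
```
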