- cached session management
- backward compatibility with legacy system
- inter-microservice communication authorisation
- safe & secured project (audited project dependencies and scrutinised API)
- maintainable & scalable project (modular codebase and organised DB)
- config-driven authentication (protocols, token structure and design patterns)
Access Service Wiki
Registered users will be able to perform actions on entities as per their access / feature rights.
To check user authentication and authorisation, an API would be built in the session server. It would refer to the same database, Redis and ACL files as the legacy system and apply the same logical checks.
Initially, this API would be exposed only internally, for communication between backend services.
The first consumer of the newly developed API would be a low-impact service, which would integrate with it.
To fetch the authentication token, the existing legacy system API would be used.
- checking authentication token is valid
- checking authorisation as per the client associated with the authorisation token
- API Access Rights
- API / IP Whitelisting
- creating authorisation token with TTL (expiry)
- creating refresh authorisation token to revise TTL
After the first MVP deployment:
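The checks listed above, sketched end to end as an added example (not code from this project). It assumes an in-memory dict in place of Redis, a constructed ACL in place of the legacy ACL files, hypothetical client and route names, and a refresh that extends the TTL of the same token.

```python
import ipaddress
import secrets

# Constructed ACL standing in for the legacy ACL files (hypothetical client and route).
ACL = {
    "billing-svc": {"apis": {"GET /invoices"}, "networks": ["10.0.0.0/24"]},
}

class SessionStore:
    """In-memory stand-in for the Redis session cache: token -> (client, expiry)."""

    def __init__(self, ttl=900):
        self.ttl = ttl
        self._sessions = {}

    def create(self, client, now):
        token = secrets.token_urlsafe(32)  # opaque, unguessable token
        self._sessions[token] = (client, now + self.ttl)
        return token

    def lookup(self, token, now):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        client, expiry = entry
        if now >= expiry:
            del self._sessions[token]  # expired sessions are evicted, not revived
            return None
        return client

    def refresh(self, token, now):
        client = self.lookup(token, now)
        if client is None:
            return False  # an expired or unknown token cannot be refreshed
        self._sessions[token] = (client, now + self.ttl)
        return True

def check_access(store, token, api, source_ip, now):
    """Return (allowed, reason); every step denies by default."""
    client = store.lookup(token, now)
    if client is None:
        return False, "invalid_or_expired_token"
    rights = ACL.get(client)
    if rights is None or api not in rights["apis"]:
        return False, "api_not_permitted"
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(n) for n in rights["networks"]):
        return False, "ip_not_whitelisted"
    return True, "ok"
```

The `now` argument is passed in explicitly so expiry behaviour can be tested deterministically; a service would supply `time.time()`.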
- Integration with new services or frontend applications
- Integration with other existing applications
- Code cleanup after E2E integration is complete
- Configurable (database driven) authentication and authorisation
- Integrate with the API Gateway