I have a couple of back-end APIs that can parse JWT and respond with 401
if required. This is the flow that I have in mind.
- User is presented a page with a link for 'Login with X'.
- User clicks on 'Login with X' and is redirected to an authentication page.
- User authenticates successfully and is presented a landing page.
- User clicks on a button, on the landing page, which triggers an API using the JWT that was provided to the browser after successful authentication.
I want an ultra light system(s) that can support the following. By ultra light, I mean, even a CLI option will do.
- Add users with default passwords.
- Provide option for resetting passwords.
- Control panel to set up authorization on a per-application (or API) basis with JWT.

I am aware of glauth/glauth and panva/node-oidc-provider, but I am not sure how to put them 'together'. Note, the key aim is to build a system good enough for an MVP or a 'decent demo'.
question from:
https://stackoverflow.com/questions/65882169/lightweight-authentication-and-oidc-implementations