
An authentication and authorization system based on RBAC for restful APIs - igeeky
https://github.com/iGeeky/wolf
======
sahilarora535
[https://github.com/casbin/casbin](https://github.com/casbin/casbin)

------
languagehacker
I'd probably rather use something a bit more broadly adopted, like OAuth2 +
OIDC.

------
xyst
The lazy me wants to use this for future projects to secure my apis, but the
curious me wants to reimplement this type of project in go.

Were there any gotchas in implementing this type of identity access management
system?

~~~
whoisjohnkid
Lol I was thinking the same thing. Go FTW!

------
pier25
In my current project we're using FaunaDB which handles authorization for you.
It really makes a lot of sense moving the permissions to the DB instead of
having them in the logic layer.

------
prpl
I have built something sort of similar based using purely `auth_request` and
nginx. Basically, each nginx location (ingress rule in kubernetes)s the scopes
it cares about, and the request gets sent to a small webapp which checks a JWT
for those scopes, logs the user and access, etc...

The scopes look like github scopes, e.g. `read:resource`. So it’s more of a
capabilities based system vs an RBAC one, but we have translated roles (via
LDAP group membership) to capabilities to simplify things in some cases.

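An added example, not part of prpl's comment or of the wolf project: a sketch of the decision such an `auth_request` backend makes. nginx allows the original request when the subrequest answers 2xx and denies it on 401 or 403. Assumptions: an HS256 JWT with a shared key, a space-delimited `scope` claim, and the location's required scopes handed to the backend as a string (for instance in a header nginx sets); `authorize` and `make_token` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT; used here only to construct sample input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def authorize(authorization: str, required_scopes: str, key: bytes, now=None) -> int:
    """Status for the auth_request subrequest:
    200 = allow, 401 = no valid token, 403 = valid token but missing scope."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        return 401
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm; the token must not get to pick "none" or another alg.
        if header.get("alg") != "HS256":
            return 401
        signed = f"{header_b64}.{body_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return 401
        claims = json.loads(_b64url_decode(body_b64))
        # Require an expiry and reject tokens that are past it.
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return 401
        granted = set(str(claims.get("scope", "")).split())
    except (ValueError, AttributeError):
        return 401  # malformed token: wrong part count, bad base64 or bad JSON
    needed = set(required_scopes.split())
    if not needed:
        return 403  # fail closed: a location that declares no scopes is a config error
    # Every scope the location cares about must be present in the token.
    return 200 if needed <= granted else 403
```

Role-to-capability translation of the kind the comment mentions would happen when the token is issued, so this check only ever sees scopes.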
------
joantune
This is an underrated post at the moment.

Something like this is great to centralize management

