Platform SSO Services
These backend services handle the communication between Auth0 and the legacy systems. Repo: Platform SSO Services repo
Here is a list of the individual services:
sso-service
This service acts as the Custom Database Connection for the Auth0 username/password implementation.
At the moment, the username/password login treats the legacy users DB as the source of truth and synchronizes the user data from the legacy DB to Auth0.
Eventually the source of truth will be Auth0, and this integration will most likely be deprecated.
This service is also used by Auth0's post-login action to retrieve the user's information from the legacy Users DB and synchronize Auth0's user information for all login methods.
The post-login trigger is a function executed after a user logs in and when a Refresh Token is requested.
permissions-service
This service provides the APIs for Keylight integration with Auth0 and the UserDB.
ip-login-synchronizer-service
This service runs automatically: it reads all IP ranges from UsersDB, validates them, and inserts them into the IPs Redis DB.
This implementation resolved the overload caused by the large number of IP checks coming from the frontend, since Redis is a high-performance DB.
This allows the IP-Check to be performed against the Redis DB instead of the UserDB directly.
id-based-auth-service
This service checks that a given userId exists and is allowed to log in. It is used by the id-login social connection in Auth0.
All Authentication Methods except for ip-login and username-password use id-login under the hood.
ip-based-auth-service
This service checks whether a given IP exists in the IPs Redis DB, which ip-login-synchronizer-service populates. The list of IPs in Redis has already been filtered and contains only users that meet the conditions to perform login by id.
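
The validate-then-look-up flow shared by ip-login-synchronizer-service and ip-based-auth-service, as an added example that is not the project's own code. A sorted in-memory array stands in for the IPs Redis DB; the row shape (`userId`, `start`, `end`, `loginAllowed`), the function names and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example. Row shape, function names and addresses are constructed
// assumptions; a sorted array stands in for the IPs Redis DB.
const SAMPLE_ROWS = [
  { userId: 'u-100', start: '192.0.2.10', end: '192.0.2.20', loginAllowed: true },
  { userId: 'u-200', start: '198.51.100.0', end: '198.51.100.255', loginAllowed: true },
  { userId: 'u-300', start: '203.0.113.50', end: '203.0.113.5', loginAllowed: true }, // inverted
  { userId: 'u-400', start: '203.0.113.999', end: '203.0.113.255', loginAllowed: true }, // bad octet
  { userId: 'u-500', start: '203.0.113.100', end: '203.0.113.110', loginAllowed: false }, // not eligible
];

// Strict dotted-quad parser: returns an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  if (typeof ip !== 'string') return null;
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Digits only, no leading zeros (no octal ambiguity), octet within 0-255.
    if (!/^(0|[1-9]\d{0,2})$/.test(part) || Number(part) > 255) return null;
    value = value * 256 + Number(part);
  }
  return value;
}

// Synchronizer side: only eligible users with well-formed ranges reach the index.
function syncRanges(rows) {
  const accepted = [];
  const rejected = [];
  for (const row of rows) {
    const start = ipv4ToInt(row.start);
    const end = ipv4ToInt(row.end);
    const valid = row.loginAllowed === true && start !== null && end !== null && start <= end;
    if (valid) accepted.push({ userId: row.userId, start, end });
    else rejected.push(row.userId); // surfaced for review instead of silently dropped
  }
  accepted.sort((a, b) => a.start - b.start);
  return { accepted, rejected };
}

// Auth side: the userId whose range contains ip, or null (unparseable input fails closed).
function findUserForIp(index, ip) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return null;
  for (const range of index) {
    if (range.start > addr) break; // index is sorted by start, nothing later can match
    if (addr <= range.end) return range.userId;
  }
  return null;
}
```

Rejecting malformed or inverted ranges at synchronization time keeps the lookup side simple: anything it cannot parse or cannot find resolves to no match.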