SREday 2023

14 - 15 Sep London, UK
Site Reliability Engineering Conference

Centralise legacy auth at the ingress gateway

Andrew Kirkpatrick

Tired of "just use JWT!" tutorials? Learn how you could move your existing legacy authn/authz to a centralised service working together with your ingress gateway. Convert basic, bearer or other authentication mechanisms into a common format, even handling multiple auth types for all your endpoints.

Most platforms built over time will have a variety of API endpoints, either in a large monolithic codebase or spread across a few services. Ideally these will have a centralised way to handle authentication and authorization, but often they are built at different times for different needs, and can end up with their own separate auth. This then becomes tricky to manage cohesively when either breaking up a monolith, or handling identities consistently across a service-oriented architecture. Whilst there are many approaches (all valid) to centralising auth, this talk looks at how existing legacy auth code can be abstracted out to a new service that can work in combination with an ingress gateway to provide a central place to enforce authentication and determine authorization. Content will include showing how allow/deny logic works, how auth information can be sent to downstream services, and how multiple auth mechanisms can be handled by a single auth service.

Developer and DevOps enthusiast from the middle of England. Built infrastructure for web applications from pre-VMs through VMWare/Xen/Hyper-V through to AWS and GCP, albeit often haphazardly amidst a variety of automation. Bedroom DJ, slow cyclist and mechanical keyboard junkie.

Sponsors & Partners

Want to become a sponsor? Get in touch!