leash-provider
High-performance Ruby on Rails OAuth2 provider for a closed set of trusted apps with multiple roles support.
Use cases
Leash is built to support the following scenario:
- You build a system that consists of multiple apps.
- List of the apps does not change too often and apps are not created during system runtime.
- You want to have a central authentication system for these apps but authorization can vary from app to app.
- You have a few fundamentally different user classes (user, admin etc.).
- These apps are trusted, in other words: if app talks to auth server with valid credentials, you don't ask user whether he/she allows to enable data flow.
Potential use cases are:
- Intranet.
- Larger websites that are decoupled into several smaller apps.
Fundamental ideas
- As the app list is fixed, let's store their credentials in ENV. Fast, easy to maintain and compatible with 12factor.
- As tokens are not very persistent, let's use redis for storing them.
- As such app can be a subject of high load, let's use redis as a backend.
- Do not reinvent the wheel, let's use devise for authentication.
Supported OAuth 2 flows
- Authorization Code (for apps running on a web server)
- Implicit (for browser-based or mobile apps)
Unsupported features
At the moment, Leash does not support:
- Any other flows than mentioned above.
- Scopes.
- Token refreshing and invalidation.
Compatible ruby version
- Leash is tested with ruby 2.2.1.
Status
Work in progress. Early stage of development.
License
MIT
Author
Marcin Lewandowski