- Pink, Pumo and Stylist Suite currently use a combination of Devise and Doorkeeper to provide authentication and tokens for admin users.
- Users are assigned roles that are composed of fine-grained permissions
- Validating a user request against their permissions requires a database query
- Very little separation between users and customers
- Currently not using OAuth scopes for access control
- Missing OIDC features such as audiences, JWTs and the UserInfo endpoint (could be enabled through Doorkeeper extensions)
- Support vanilla OIDC providers
- Simpler, since microservice endpoints only need to validate tokens rather than implement the entire auth flow
- All employees are GSuite users
- Easy to provision/deprovision
- Difficult to assign roles and persist them in the JWT
- What about third parties that are not in GSuite?
- Cryptographically signed
- Decentralized
- Can be inspected (in a web browser, for example)
- Used by Vendor Portal
- Supports enterprise integrations (GSuite)
- Security certifications
- Audit trail
- Many more things
- Supports any OIDC identity provider
- Provides auth primitives as opposed to a polished auth product
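The JWT points above (roles carried in the token, an audience claim, a signature that can be checked locally, and claims that anyone can inspect) in one self-contained Ruby example; this is added illustration, not code from any of the applications named, and the secret, audience and role-to-permission table are constructed placeholders.

```ruby
require "openssl"
require "json"

# Constructed demo values; a real deployment loads the secret from a secret store.
DEMO_SECRET  = "constructed-demo-secret-do-not-use".freeze
EXPECTED_AUD = "stylist-suite-api".freeze
# Hypothetical role -> permission table compiled into the service, so a request
# is authorized from the verified token alone with no database round trip.
ROLE_PERMISSIONS = { "admin" => %w[orders:read orders:write users:manage], "support" => %w[orders:read] }.freeze

def b64url_encode(str)
  [str].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  s = str.tr("-_", "+/")
  (s + "=" * ((4 - s.length % 4) % 4)).unpack1("m0")
end

# Constant-time comparison so the signature check does not leak timing information.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue an HS256 JWT carrying the user's roles and the audience it is meant for.
def issue_token(sub:, roles:, now: Time.now.to_i, ttl: 900, secret: DEMO_SECRET)
  header  = b64url_encode(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url_encode(JSON.generate({ sub: sub, roles: roles, aud: EXPECTED_AUD, iat: now, exp: now + ttl }))
  "#{header}.#{payload}." + b64url_encode(OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{payload}"))
end

# Decode the claims without trusting them (what a browser-based decoder shows).
def inspect_claims(token)
  JSON.parse(b64url_decode(token.split(".")[1]))
end

# Verify algorithm, signature, audience and expiry; return the claims or nil.
def verify_token(token, now: Time.now.to_i, secret: DEMO_SECRET)
  header, payload, sig = token.split(".")
  return nil unless header && payload && sig
  return nil unless JSON.parse(b64url_decode(header))["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{payload}")
  return nil unless secure_equal?(expected, b64url_decode(sig))
  claims = JSON.parse(b64url_decode(payload))
  return nil unless claims["aud"] == EXPECTED_AUD && claims["exp"].to_i > now
  claims
rescue ArgumentError, JSON::ParserError
  nil
end

# Authorize a permission from the verified claims alone.
def permitted?(claims, permission)
  Array(claims["roles"]).any? { |r| ROLE_PERMISSIONS.fetch(r, []).include?(permission) }
end
```

A service that only holds the verification key can authorize requests this way, which is the "endpoints only think about tokens" property noted above; tokens with a tampered payload, a wrong audience, an unexpected `alg` or a past `exp` are rejected before any claim is read.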