As Tony Hoare said: "There are two ways to build a system: you can either make it so simple that there are obviously no flaws, or you can make it so complex that there are no obvious flaws."
Thesis: Auth has become way too complicated. Complexity is a risk in itself.
Solution: A very simple, fast, auth server that can handle lots of users.
Features
- handle https requests
- threadpooling for requests
- login endpoint
- store passwords in db, encrypted
- roles
- check requester role
- add/remove users if admin
- reset password
  - as user (with old password)
  - as admin (old user password not required)
Reset password as admin: check that the requester is an admin, assume the original password is lost, and upsert any user with the data provided (needs username, password, role).
Example bodies:
- 'bob:his_new_password'
- 'bob:his_new_password:ADMIN'
Reset password as user: use the password in the body as the new password for this user only (only the password changes, never the role).
Example body:
- 'new_password'
Add/remove users: check that the requester is an admin, obviously.
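A minimal model of the role check and the two reset flows described above, as an added example that is not the project's own code. It assumes an in-memory user table, the roles ADMIN and USER, and salted PBKDF2 hashing for the stored passwords (the page only says "encrypted").

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class User:                      # hypothetical row in the users table
    username: str
    salt: bytes
    pw_hash: bytes
    role: str                    # assumed roles: "ADMIN" or "USER"

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the page says "encrypted"; a salted PBKDF2 hash is used here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(user: User, password: str) -> bool:
    # Constant-time compare so a wrong guess cannot be told apart by timing.
    return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))

def parse_admin_body(body: str) -> tuple:
    # 'bob:his_new_password' -> (bob, pw, None); 'bob:pw:ADMIN' -> (bob, pw, ADMIN).
    # A ':' inside the password is ambiguous in this format and is rejected.
    parts = body.split(":")
    if len(parts) == 2:
        return parts[0], parts[1], None
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    raise ValueError("body must be 'user:password' or 'user:password:ROLE'")

def admin_reset(db: dict, requester: User, body: str) -> User:
    # Admin flow: original password assumed lost; upsert the user from the body.
    if requester.role != "ADMIN":
        raise PermissionError("requester is not ADMIN")
    username, new_pw, role = parse_admin_body(body)
    existing = db.get(username)
    if existing is None and role is None:
        raise ValueError("creating a user needs username, password and role")
    salt = os.urandom(16)
    db[username] = User(username, salt, hash_password(new_pw, salt),
                        role if role is not None else existing.role)
    return db[username]

def user_reset(db: dict, requester: User, old_pw: str, body: str) -> User:
    # Self-service flow: old password must match; only the password changes.
    if not verify_password(requester, old_pw):
        raise PermissionError("old password does not match")
    salt = os.urandom(16)
    db[requester.username] = User(requester.username, salt,
                                  hash_password(body, salt), requester.role)
    return db[requester.username]
```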