Taking the list of features from part 1 of this series, let’s decide how we can achieve each of them:
- local users
  - A good candidate seems to be pstore, because we will use PostgreSQL in the main application anyway.
  - The same author has released several libs that can be interchanged for one another depending on the datastore backend one wants to use.
- possibility to hook into a user directory such as Active Directory, OpenLDAP
- later on: possibility to add OAuth2, SAML or similar
  - goth seems to be the way to go here
- supported by pstore - “Supports registration and confirmation via generated confirmation codes.”
- role-based permission model
  - pstore brings support for three roles (public, user, admin), but states it’s easy to add more. Will see!
  - A first glance suggests that this might be something we need to add or wrap around pstore.
- self-service (“I forgot my password”)
  - can be wrapped around pstore
- allow for addition of two-factor auth
  - This item is on the list to make sure 2FA is a requirement not to be forgotten, but it does not need to be present from the beginning. If one adds 2FA, I would see to it that privacyIDEA is used as the backend.
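
For the role-based item above, this is a sketch of what a role layer wrapped around the user store could look like. It is an added example, not code from this series or from pstore: `RoleSource`, `Policy` and the `Auditor` role are hypothetical names, and it goes slightly beyond the three built-in roles by matching the most specific path prefix and denying anything no rule covers.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

type Role string

// public, user and admin are the roles named in the post; Auditor is a made-up fourth.
const (
	Public, User, Admin Role = "public", "user", "admin"
	Auditor             Role = "auditor"
)

// RoleSource is a hypothetical seam in front of the user store (not pstore's API).
type RoleSource func(username string) []Role

// Policy maps path prefixes (each ending in "/") to the roles allowed below them.
type Policy map[string][]Role

// Allowed applies the longest matching prefix and denies when no prefix matches.
func (p Policy) Allowed(src RoleSource, username, urlPath string) bool {
	clean := path.Clean("/"+urlPath) + "/" // resolve ".." before matching
	best := ""
	for prefix := range p {
		if strings.HasPrefix(clean, prefix) && len(prefix) > len(best) {
			best = prefix
		}
	}
	for _, need := range p[best] { // no match: p[""] is nil, so access is denied
		if need == Public {
			return true
		}
		for _, have := range src(username) {
			if have == need {
				return true
			}
		}
	}
	return false
}

func main() {
	users := map[string][]Role{"alice": {Admin}, "bob": {User}, "carol": {Auditor}} // constructed sample data
	src := func(u string) []Role { return users[u] }
	pol := Policy{"/": {Public}, "/data/": {User, Admin}, "/admin/": {Admin}, "/admin/audit/": {Admin, Auditor}}
	fmt.Println(pol.Allowed(src, "carol", "/admin/audit/log"), pol.Allowed(src, "bob", "/data/../admin/"))
}
```

Cleaning the path before the prefix match is what keeps `/data/../admin/` from being judged under the `/data/` rule.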