Taking the list of features from part 1 of this series, let’s decide how we can achieve each one:

  • local users
    • a good candidate seems to be pstore, because we will use PostgreSQL in the main application anyway.
    • The same author has released several libs that can be interchanged for one another depending on the datastore backend one wants to use.
  • possibility to hook into a user directory such as Active Directory or OpenLDAP
  • later on: possibility to add OAuth2, SAML or similar
    • goth seems to be the way to go here
  • self-registration
    • supported by pstore - “Supports registration and confirmation via generated confirmation codes.”
  • role-based permission model
    • pstore brings support for three roles (public, user, admin), but states it’s easy to add more. Will see!
  • multitenancy
    • a first glance suggests that this might be something we need to add or wrap around pstore.
  • self-service (“I forgot my password”)
    • can be wrapped around pstore
  • allow for addition of two-factor auth
    • This item is on the list to make sure the 2FA requirement is not forgotten, but it does not need to be present from the beginning. If 2FA is added, I would make sure that privacyIDEA is used as the backend.