rego.fyi: A Study in Serverless Authorization with Open Policy Agent

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • rego.fyi

  • The code is here! rego.fyi

  • openfaas-function-auth-opa

    Open Policy Agent-backed authentication in OpenFaaS Serverless functions

  • The usual way to implement OPA for microservices is to stand up an authorization service implementing OPA and have other services invoke it over HTTP using some of the published middleware. Even the OpenFaaS version written in Go depends on a standalone authorization service. I wanted to see if I could use OPA in a 100% serverless environment, making policy decisions in an API Gateway request authorizer without the overhead of additional HTTP requests or the need to run a separate service. I found inspiration in this excellent sls-lambda-opa repo.

  • Material UI

    Ready-to-use foundational React components, free forever. It includes Material UI, which implements Google's Material Design.

  • In order to keep my app from looking like complete trash, I used Material-UI from Google for the components and that was pretty easy. I also delved into Testing Library and I find it quite nice and loved that I could write tests without having to render anything shallowly. I used React Context for state and I like that a lot better than working with Redux. You can check my code or query about this in the comments as I'm not going to go into great detail here, but as someone who doesn't program in React every day, it's nice checking in and seeing these innovations.

  • frank_jwt

    JSON Web Token implementation in Rust.

  • I think of this solution as a layered architecture, where the bottom layer is the authorizer implementing the OPA library, capable of compiling Rego policies. On top of that is the actual policy that states I want to compare a claim like permissions or subscriptions or I'm interested in the HTTP resource and method. Above that is the service or endpoint-specific data that states the actual resources, methods and subscriptions that will be evaluated. Then finally we have the user's session or context, delivered in a JSON Web Token (or JWT).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
