We're looking to onboard Okta eventually to our microservices. Here I've collected some thoughts on how best to do this with the stack we have.
Echo has a concept of middleware, specifically sessions.
We will be able to leverage this in our servers, though we will probably need a database to store these sessions.
Luckily, the underlying session library, called gorilla, has a list of stores it plays nicely with.
Okta has an unstable Golang SDK (their words) in beta, which they warn is prone to breaking changes. Plus, it looks like that library is meant more for managing Okta accounts and the like than for enabling sign-on in web apps.
Alternatively, here's a generic SAML library which we can leverage. We can use this in our Echo middleware to verify users when needed.
The above SAML library requires our microservices to generate certs and keys for authentication. According to a different SAML repo, found here, Okta apparently does not require these keys. I will go with the gosaml2 library, as its README confirms that it works with Okta.
Once we get a cert and login URL for a dev instance of lab-microservice, we can get rolling on enabling SAML.
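The session gate described above, written with Go's standard `net/http` instead of Echo and gorilla so it runs without dependencies (an added example, not code from the original note). `SessionStore`, `MemStore`, `SafeRelay`, the `session` cookie name, the `X-Auth-User` header and the IdP URL are assumptions; a real SP-initiated flow would also carry a SAMLRequest built by the SAML library.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"time"
)

// Session and SessionStore are hypothetical; the store stands in for the session database.
type Session struct {
	User    string
	Expires time.Time
}
type SessionStore interface{ Get(id string) (Session, bool) }

// MemStore is an in-memory store for the demo (read-only after construction).
type MemStore map[string]Session

func (m MemStore) Get(id string) (Session, bool) { s, ok := m[id]; return s, ok }

// SafeRelay keeps only local paths, so the post-login redirect cannot leave the site.
func SafeRelay(p string) string {
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") || strings.Contains(p, "\\") {
		return "/"
	}
	return p
}

// RequireSession passes requests with a live session and sends the rest to loginURL.
func RequireSession(store SessionStore, loginURL string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err == nil {
			if s, ok := store.Get(c.Value); ok && time.Now().Before(s.Expires) {
				r.Header.Set("X-Auth-User", s.User) // overwrite any client-supplied value
				next.ServeHTTP(w, r)
				return
			}
		}
		q := url.Values{"RelayState": {SafeRelay(r.URL.RequestURI())}}
		http.Redirect(w, r, loginURL+"?"+q.Encode(), http.StatusFound)
	})
}

func main() {
	// Constructed sample session and placeholder IdP login URL.
	store := MemStore{"constructed-id": {User: "alice", Expires: time.Now().Add(time.Hour)}}
	h := RequireSession(store, "https://idp.example.invalid/sso", http.NotFoundHandler())
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/reports?id=7", nil)) // no cookie
	fmt.Println(rec.Code, rec.Header().Get("Location"))
}
```

The handler that receives the SAML response should apply the same `SafeRelay` check to the returned RelayState before redirecting, since that value travels through the browser.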