The Blackbook Project (Part 3)

Authentication vs Authorization

Randal Kamradt Sr, published in Level Up Coding
8 min read, Feb 7, 2021


[Image: a black book. Image by DarkmoonArt_de from Pixabay]

It’s been a while since I last wrote about this project. My Kubernetes server had a meltdown and I had to go through the process of setting it all up again. This time I stuck with a pre-made solution, MicroK8s, as described in Exposing your Home Server to the Big Bad Internet. The ingress is hooked up directly to the Internet and SSL is handled through Cloudflare. Also, the volume claims use direct disk access, since MicroK8s is a one-node cluster. The new Kubernetes description files are still in my GitHub repository, blackbook-deploy.

Part 2 of this series ended with the backend server simply returning the decoded JWT and the front end displaying it as plain text. It was pretty ugly. Most of the fields of the JWT aren’t going to be used. But one of them, claims.sub, will be used to index into a MongoDB database and return a user record. That value is the user’s email address and will become the user identifier for this system.

Our read profile service will return one user record with all of the basic information about the user, and it will only be available to that user. The endpoint will be named ‘users’, which may seem like a misnomer. I picked users because there might also be a class of administration users that can get all of the users, or users other than themselves. But that will be done…
