I'd like to implement a (small) microservice infrastructure, separating the app business logic (domain-related) from the tedious task of user authentication and api key management.
In my scenario, I have some registered Users which belong to some Organizations. Registered Users can read the data of their Organization (of course with roles and so on) and they also have some automated services which read and write data, using an api-key authentication for simplicity.
Budget is low (say zero), since it's a concept for now. So no cool paid services like AWS, Azure, Auth0. I'd also like it to run on local containers with Docker. Preferred language for the business logic is TypeScript/JavaScript (Nest.js), although I imagine a language-agnostic scenario.
So my idea was to use:
- FusionAuth for user management, since it provides a neat UI and all the stuff for managing user data (CIAM) and supports many authentication strategies (OAuth2, JWT, ...), defines users, applications, roles, etc., but does not handle per-application API keys nor routing (it is not an API gateway).
- Express Gateway for API-key authentication, routing and access to consumed services, but bypassing its user and application management system, which I feel I don't need here.
- Nest.js (or other web frameworks) for the business logic service(s), e.g. inserting and querying data to/from the main application database(s)
I'd like FusionAuth and Express Gateway to work together, but it's not clear to me whether I need to implement a custom express-gateway-plugin or not (e.g. use jwt?).
Everything will work behind a reverse proxy (nginx) that will handle https.
I'd like to hear some suggestions, e.g. if this scenario can be correct and if those technologies can work well together, if somebody experienced a similar scenario, or if there are better alternatives for this scenario.
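One way to wire the two together without a custom plugin, as an added example that is not part of the question or of either project's documentation: an Express Gateway `gateway.config.yml` in which browser users pass the FusionAuth-issued JWT through the built-in `jwt` policy, automated services pass an API key through `key-auth`, and both pipelines proxy to the Nest.js service. The hostnames, paths, key file path, issuer and audience are assumed placeholders; it assumes FusionAuth is configured to sign tokens with an RSA key whose public key is exported to the gateway, and that nginx in front terminates HTTPS.

```yaml
http:
  port: 8080                  # nginx terminates HTTPS and forwards plain HTTP to this port
apiEndpoints:
  users-api:                  # interactive users: the browser app sends the FusionAuth JWT as a Bearer token
    host: '*'
    paths: '/api/*'
  service-api:                # automated services authenticate with an API key instead
    host: '*'
    paths: '/integration/*'
serviceEndpoints:
  nest:
    url: 'http://nest:3000'   # assumed Docker Compose service name of the Nest.js app

policies:
  - jwt
  - key-auth
  - proxy

pipelines:
  users:
    apiEndpoints:
      - users-api
    policies:
      - jwt:
          - action:
              # public half of the RSA signing key configured in FusionAuth; placeholder path
              secretOrPublicKeyFile: '/etc/gateway/fusionauth-public.pem'
              jwtExtractor: 'authBearer'
              # placeholders for the tenant issuer and application id configured in FusionAuth
              issuer: 'FUSIONAUTH_ISSUER_PLACEHOLDER'
              audience: 'FUSIONAUTH_APPLICATION_ID_PLACEHOLDER'
              # FusionAuth owns the users, so do not require a matching consumer
              # in Express Gateway's own credential store
              checkCredentialExistence: false
      - proxy:
          - action:
              serviceEndpoint: nest
              changeOrigin: true
  services:
    apiEndpoints:
      - service-api
    policies:
      - key-auth:
          - action:
              apiKeyHeader: 'Authorization'   # clients send "Authorization: apiKey <keyId>:<keySecret>"
              apiKeyHeaderScheme: 'apiKey'
      - proxy:
          - action:
              serviceEndpoint: nest
              changeOrigin: true
```

Note that `key-auth` still resolves keys against Express Gateway's own consumer store, so each automated service needs a consumer and a key-auth credential created there (via the `eg` CLI); only end users are delegated to FusionAuth, which is what `checkCredentialExistence: false` on the users pipeline achieves. Roles and the organization still arrive in the JWT claims, so Nest.js should enforce authorization itself rather than relying on the gateway for more than authentication.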