This post is an overview of my series on how to design and implement an architecture to secure a complex platform.

In a small web application, for example a website with a frontend, a backend and a relational database, you usually have only one user, the owner/admin, and perhaps a few others. There it is easy to pick a securing method, such as session-based or token-based authentication, and then check whether a requesting user is authenticated and which role they have. In this simple use case you have a small monolithic application, but if you have a bigger platform built from multiple microservices, it becomes hard. If you want to give third parties access to your platform, or if you have several different platforms, where

  1. Overview about authentication and authorization methods
  2. Implementing one method with OAuth/OpenID Connect #1
  3. Adding third party client registration