Recently at our semi-regular architecture discussion group, we’ve been looking at the Auth0 service: what it is, how it works and when it might be a good idea to use it. By Adam Warski.
This article focuses on using Auth0 as a case-study for the more general problem of when to use external services in our microservices mix, and when to roll your own.
As we move towards fine-grained single-responsibility microservices, it’s increasingly feasible to use an external service for the “standard” parts of each system. We’re commonly doing this with logging, using services such as Loggly or DataDog. We’re using managed databases, be it on AWS, Heroku or database-vendor-specific solutions. We’re storing binaries on S3. Externalising user authentication and authorization might be a good candidate as well.
On one hand, it’s totally reasonable not to write yet another UserService which handles user authentication and authorization. It’s been done before, and we all like to reuse code. On the other, using an external service requires us to let go of the otherwise total control we have over our system.
The article is split into:
- Introduction to Auth0
- External microservices
- Replaceability
- Security
- Latency
- Extensibility
- Cost
- Automation
- Testing
Let’s not forget about testing! Since we are externalising part of our system, we will no longer be able to run everything on our laptop. We’ll need service stubs for local development anyway. Good read!
[Read More]