Skip to content

Latest commit

 

History

History
43 lines (33 loc) · 1.7 KB

README.md

File metadata and controls

43 lines (33 loc) · 1.7 KB

Barong

Barong is an authentication service for microservice architectures using JWT standard. It's focused on security and rich KyC features.

Barong drastically reduce the time to build a new project, it takes care of the user flow:

  • User registration
  • Email verification
  • User login
  • Reset password
  • Account 2FA protection
  • Support documents upload/review to implement your own KyC flow

When a user login to Barong, he receives a cookie that is then used to keep track of his session. Every request made to a microservice of the stack goes through AuthZ service which validates the session and add a JWT the the header. A JWT is a signed json token containing basic user informations:

  • UID
  • email
  • role
  • KyC level
  • state

Microservices verify the signature of the JWT to validate the authenticity of the received information.

This way you can focus on the core functionalities of your product and delegate the user management flow to Barong.

Overview

It includes the following features:

  • Registration of users
  • Role based access control (RBAC)
  • Embedded KyC process
  • Integrated KycAID KyC plugin
  • Mailing system: event based, support multi-language, secured by cryptographic signatures
  • Service accounts
  • Focused on user privacy: sensitive informations are encrypted in database using vault, masks are applied on fields in user API endpoints
  • UI to manage users and KyC process: Tower

Examples of use-cases