Plug-in ideas: JWT auth, OAuth, GRPC discovery/proxying

I do a lot of small projects that have similar functionality, but because of language/framework differences cannot be reused. I.e. a RoR application may use devise for auth/oauth but if I write something in Go I’ll likely use my own controllers to accomplish the task. I think it’s a waste of time to do such things over and over again.

One solution to this would be a microservice architecture that reused particular services in order to share functionality. However it’s my opinion from a devops perspective that this can cause a large amount of complexity that is completely undesired in the majority of projects. Especially one-off projects that operate independently.

So I’m planning on fiddling around with a few ideas that I think would be really awesome bundled into Caddy, which could then be used as the front-end proxy that functioned as a springboard for your future projects. I’m not suggesting these are worthy of default status or anything as for the most part they go way beyond what a typical web server should do. I’m just looking for feedback, experience, thoughts, conventions, or anything else you might find useful for the following ideas:

  • Authenticate JWT tokens passed from a client and forward a UUID header to an application server. You would merely have to deploy caddy with a secret key (in the caddy file?) to verify the token/uuid.

  • API creation seems really powerful to me and implementing the OAuth RFC in combination with access control, rate-limiting, etc, at the web server layer seems really powerful. Your application would then merely expose loosely defined CRUD endpoints and be somewhat ready to expose it to the general public, knowing everything was already handled further up the stack. This would probably need to entail an entire user-system including user CRUD, recovery, and so forth. How this would be incorporated into a plug-in (as DB access at the very least would be necessary) I haven’t yet figured out.

  • GRPC is pretty powerful and efficient, but I don’t believe there are standard ways for balancing, proxying, or discovering it yet. I think it would be really cool if you could run caddy and say “check nodes 1, 2, 3, and if they’re serving GRPC endpoints, proxy/load balance between them”. This way you could spin up new GRPC handlers, modify the caddyfile, restart caddy, and be done with adding whatever functionality is needed. Bonus points that GRPC runs over http/2 so perhaps some performance gains could be made here as well.

Anyways I haven’t had my morning coffee yet so I hope this post wasn’t too verbose. Just had some cool ideas I wanted to share (just found this forum).

The Caddy jwt directive is third-party middleware that implements JSON web tokens based on a JWT_SECRET environment variable; currently it looks like it simply protects resources based on path.

Dunno if implementing OAuth and having a DB is within the scope of a web server, though, seems better off being incorporated into the application you’re serving. GRPC sounds cool, though.
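
The first idea in this thread (verify the client's JWT at the proxy and forward a UUID header to the application server) can be sketched as plain Go HTTP middleware. This is an added example, not part of the original posts and not code from Caddy or the jwt plugin. It assumes HS256 tokens whose `sub` claim carries the UUID, a hypothetical `X-User-UUID` header, the `JWT_SECRET` variable mentioned above, and a stand-in upstream handler on a constructed listen address.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"os"
	"strings"
	"time"
)

const userHeader = "X-User-UUID" // hypothetical header name read by the app server

// verify checks an HS256 token and returns its "sub" claim (assumed to be the UUID).
func verify(token string, secret []byte, now time.Time) (string, bool) {
	p := strings.Split(token, ".")
	if len(p) != 3 || len(secret) == 0 { // an unset secret must fail closed
		return "", false
	}
	dec := func(s string, v interface{}) bool { b, err := base64.RawURLEncoding.DecodeString(s); return err == nil && json.Unmarshal(b, v) == nil }
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(p[0] + "." + p[1]))
	var h struct{ Alg string }
	var c struct{ Sub string; Exp int64 }
	// Pin the algorithm (rejects "none"), check the MAC, and only then read claims.
	if err == nil && dec(p[0], &h) && h.Alg == "HS256" && hmac.Equal(sig, mac.Sum(nil)) &&
		dec(p[1], &c) && c.Sub != "" && now.Unix() < c.Exp {
		return c.Sub, true
	}
	return "", false
}

func guard(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del(userHeader) // never trust a client-sent identity header
		sub, ok := verify(strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "), secret, time.Now())
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set(userHeader, sub) // the upstream sees only the verified value
		next.ServeHTTP(w, r)
	})
}

func main() { // http.NotFoundHandler stands in for the proxied application
	panic(http.ListenAndServe("127.0.0.1:8080", guard([]byte(os.Getenv("JWT_SECRET")), http.NotFoundHandler())))
}
```

The application server should accept this header only from the proxy, since anything that can reach it directly can set the header itself.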