ardan-bkennedy
commented
5 months ago OPA allows the Go service to be disconnected from handling authorization. We don't want to roll our own auth, nor do we want Go conditional logic to handle this. The current implementation embeds the rego code, but there is nothing stopping us from fetching that code and being alerted of changes. In the best scenario, we use a service from Styra to handle this completely outside the service.
What is the reason for using opa? What unique feature does opa give us to use for authentication and access authorization?
https://github.com/ardanlabs/service/blob/master/business/web/v1/auth/rego