Open geoffsmith82 opened 1 month ago
You've covered off quite a bit here. We're currently running:
- a small server / desktop app using DMVC on the back end and a VCL app communicating via a REST API
All of these applications are secured with OAuth2 JWT tokens issued by a third party IdP. We've written a separate authorisation middleware layer based on Smart on FHIR which suits our application domain. Happy to share a little more via the Facebook group if you ask.
We've found that you need to understand that web apps have a different paradigm than traditional c/s or three-tier apps, but DMVC can smooth the migration once you figure out what belongs at each layer of the stack.
Related to your initial questions, you need to separate the identity/authentication part of the functionality (IdP) from the authorisation (roles):
- authentication of users (IdP)
- admin interface (roles)
- signup / email verification (IdP/Roles)
- forgot password (IdP)
- mfa (IdP)
- user profile editing (Roles)
I would recommend using a third party OAuth2/OIDC service for the IdP functions and using application/role based functions for the rest.
David, if you can describe your success case, I think that could be inspirational for some new users. If you want to write a small doc describing such a system, I can publish it on the blog, link it from the project page, etc.
Let me know
What would be good is a fairly complete demo that includes what would be necessary for a multi-user authenticated website created with DelphiMVCFramework. It would include things such as
Currently the existing demos show how to implement various features, which is good to assist in understanding them and probably makes it easier to integrate into existing systems, but if you just want to get on with implementing your site from the start, there is a lot of code that needs to be written to get to the point of a secure and usable site.