Introduction
Centralized IAM module for moleculer. It includes a certified OIDC provider and an identity provider with user profile, credential and custom-claims management. Custom claims are defined and updated through a declarative schema that carries both claim validation and a migration strategy. The module also ships a default interaction React.js application for login/logout/registration and other OP interactions, and an account management React.js application.
Project Architecture Diagram
- Identity Provider
  - based on RDBMS
  - declarative claims schema definition for validation
  - dynamic update of claims schema and scope
  - versioned claims with robust claims schema migration support
  - each identity is cached as a JSON value for performance
  - supports complex queries for fetching identities
  - basic OpenID claims battery included
  - ready for distributed systems
- OpenID Connect Provider
  - based on panva/node-oidc-provider
    - OpenID certified library
  - ready for basic interactions with the React app below
  - federation presets for Google, Facebook and KakaoTalk based on passport, also extendable
  - supports i18n; for now ko-KR, en-US
- Moleculer integrated actions and events
  - manage IDP claims schema and identities
  - manage OP clients and other models
- React App for OP interaction rendering
  - based on react-native-ui-kitten and react-navigation
  - session based
  - supports i18n; for now ko-KR, en-US
  - supports login/logout/register/findEmail/resetPassword/verifyEmail/verifyPhone/consent
  - supports theming and various customization options from server configuration without a rebuild
  - this whole app can be replaced with a custom one from server configuration
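To make the "declarative claims schema with validation and migration" idea concrete, here is an added stand-alone model of it (example code, not moleculer-iam's own implementation). It borrows the parameter names of iam.schema.define (scope, key, description, unique, immutable, validation, migration, parentVersion) but the function names, the in-memory registry, the per-claim claimsVersion field on an identity, and the ko-KR phone-number migration are all assumptions made for this example.

```javascript
// Added stand-alone model of a versioned claims schema with validation and migration
// (example code, not moleculer-iam's). Parameter names follow iam.schema.define; the
// registry is in memory so it runs offline.
const schemaVersions = new Map(); // claim key -> [v1, v2, ...] (latest last)

function defineClaimsSchema({ scope, key, description = "", unique = false, immutable = false, validation, migration, parentVersion }) {
  if (typeof validation !== "function") throw new TypeError(`${key}: validation must be a function`);
  const versions = schemaVersions.get(key) || [];
  const latest = versions[versions.length - 1];
  if (latest) {
    // Redefinition: reject immutable schemas and stale parents, and require a migration step
    if (latest.immutable) throw new Error(`${key}: schema is immutable`);
    if (parentVersion !== latest.version) throw new Error(`${key}: parentVersion must be ${latest.version}`);
    if (typeof migration !== "function") throw new Error(`${key}: migration is required when redefining`);
  }
  const schema = { scope, key, description, unique, immutable, validation,
                   migration: latest ? migration : null, version: latest ? latest.version + 1 : 1 };
  schemaVersions.set(key, [...versions, schema]);
  return schema;
}

// Validate an identity's claims against the latest schema of every defined key.
function validateClaims(claims) {
  const errors = [];
  for (const [key, versions] of schemaVersions) {
    const latest = versions[versions.length - 1];
    if (key in claims && !latest.validation(claims[key])) errors.push(`${key}: invalid value`);
  }
  return errors;
}

// Upgrade a cached identity stored under older schema versions one version at a time, then
// re-validate. identity.claimsVersion (assumed field) maps claim key -> version it was stored with.
function migrateIdentity(identity) {
  const claims = { ...identity.claims }, claimsVersion = { ...identity.claimsVersion };
  for (const [key, versions] of schemaVersions) {
    if (!(key in claims)) continue;
    let current = claimsVersion[key] || 1;
    while (current < versions.length) { // versions[current] holds schema version current + 1
      claims[key] = versions[current].migration(claims[key], claims);
      current += 1;
    }
    claimsVersion[key] = current;
  }
  const errors = validateClaims(claims);
  if (errors.length) throw new Error(`migration produced invalid claims: ${errors.join(", ")}`);
  return { ...identity, claims, claimsVersion };
}

// Constructed demo: phone_number v1 allowed local digits/dashes, v2 requires E.164 form.
defineClaimsSchema({ scope: "phone", key: "phone_number", validation: v => /^[\d-]+$/.test(v) });
defineClaimsSchema({ scope: "phone", key: "phone_number", parentVersion: 1,
  validation: v => /^\+\d{8,15}$/.test(v),
  migration: v => "+82" + v.replace(/-/g, "").replace(/^0/, "") }); // assumes ko-KR legacy numbers
```

Running migrateIdentity on an identity whose phone_number was stored under version 1 rewrites it to the version-2 format and records the new version, while a redefinition with a stale parentVersion is rejected.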
```
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
╟ action │Params
╟────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────
║ iam.client.count │ where
║ iam.client.create │ client_id, client_name, client_secret, client_uri, logo_uri, policy_uri, ...
║ iam.client.delete │ id
║ iam.client.find │ id
║ iam.client.get │ where, offset, limit
║ iam.client.update │ client_id, client_name, reset_client_secret, client_secret, client_uri, logo
║ iam.id.count │ where
║ iam.id.create │ scope, metadata, claims, credentials
║ iam.id.delete │ id, permanently
║ iam.id.find │ id, email, phone_number, where, scope
║ iam.id.get │ where, offset, limit, scope
║ iam.id.refresh │ id, where
║ iam.id.restore │ id
║ iam.id.update │ id, scope, claims, metadata, credentials
║ iam.id.validate │ id, scope, claims, credenti
║ iam.id.validateCredentials │ password
║ iam.model.count │ kind, where
║ iam.model.delete │ kind, where, offset, limit
║ iam.model.get │ kind, where, offset, limit
║ iam.schema.define │ scope, key, description, unique, immutable, validation, migration, parentVersion, ...
║ iam.schema.find │ key, version, active
║ iam.schema.get │ scope, key, version, active
```