Authentication Recommendations (Go/Vue JS)

<p>Looking for recommendations/best practices/guidance on adding authentication to a web portal application. Back end is in Go, front end is a single page application in Vue JS.</p> <p>In our case we would like to first start with something more managed (either self-hosted in a docker, or external service) with UIs/built-in support for things like adding users, setting roles, configuring the emails sent out, forgot password flow. We do plan to later on add more of this functionality into our application (e.g. user registration, internal page to configure user roles).</p> <p>Currently considering:</p> <ul> <li><a href="https://auth0.com/" rel="nofollow">Auth0</a></li> <li><a href="https://firebase.google.com/docs/auth/" rel="nofollow">Firebase authentication</a> </li> <li><a href="http://www.keycloak.org/" rel="nofollow">Keycloak</a> </li> <li><a href="https://github.com/volatiletech/authboss" rel="nofollow">Authboss</a> </li> </ul> <p>Any other tools/platforms we should consider? Does the community here know when authboss will be updated with V2 or why it hasn&#39;t been updated since July 30?</p> <hr/>**评论：**<br/><br/>godlycow78: <pre><p>I was able to spin up my own authentication method really easily for an angular frontend and golang backend using jwt through AWS. Front end grabs a token from cognito and the back end just validates it against a public token key store. This approach could easily be expanded to any token issuing authentication method that your frontend can talk to, including another golang server that issues tokens to validate users. Feel free to PM if any of this might apply to your project, I&#39;d be happy to share them outline of my implementation!</p></pre>alhasaniq: <pre><p>please do share the outline </p></pre>godlycow78: <pre><p>I will be able to in a couple of hours. I&#39;d like to clean it up a bit and add some comments so that it can hopefully be helpful to you.</p></pre>coderjz: <pre><p>Thank you so much! We actually just moved off of AWS and I&#39;m not sure we would want to use Cognito. I&#39;ve explored Auth0 and it seems like this is exactly what they do themselves (with single sign on through the Auth0 platform).</p></pre>godlycow78: <pre><p>Oh yeah, I totally get that. I&#39;m going to be moving off of cognito as soon as I can in favor of my own solution for jwt auth, but it was a quick way to get auth going and make the clients happy. Sorry to be OP-doesn&#39;t-deliver, but I think it will actually be tomorrow, because of those selfsame clients :P edit: it&#39;s like they want software that works or something</p></pre>godlycow78: <pre><p>As long as you have some way to issue tokens, and a public key store for the token set then you should be good to go :)</p></pre>