I have a bunch of microservices (10 to be precise), each with it´s own database, own code repo, own deployment pipeline, and all the recommended stuff for microservices architecture.
However, I dont have a clue on how to build the front end pieces, which are about to be developed by front end programmers.
Should I have 10 of them, one for each backend microservice?
Or should I have just one?
Maybe I can group some microservices, related to ADMIN role for instance, and create a single frontend for it? And another for another ROLE? Since I have about 4 ROLES, I may have 4 frontend apps?
For the final user, app (ui) should look like a monolithic.
What can you tell??
Briefly speaking, the services are (ADMIN, CLIENT, DISTRIBUTOR and RESPONDENT as roles):
1) oauth server (ADMIN, DISTRIBUTOR)
2) users service (ADMIN)
3) products service (ADMIN)
4) survey service (CLIENT)
5) jobposition service (DISTRIBUTOR)
6) answer service (RESPONDENT)
7) Email template service (ADMIN)
8) Credit/transaction service (ADMIN)
9 and 10) Batch services, but UI for showing batch status and result (ADMIN)
Thanks
It is not necessary that you need to have 10 front end services one for each backend service but try to have as many front end service as possible to fully utilize the advantages of microservices.
I don't think separating the front end based on the role is a good idea. Separation should be done based on the domain, products & sub products.
I am not completely aware of what those 10 services are so it is very difficult to say how to separate the front end service.
Related
My company owns several (verified) facilities and using my company's email i can see those locations (business.google.com).
Now, my company would like to fetch the reviews in each location and present it in our company website. Before we're using the Google Place API but since it only returns the latest 5 reviews we opt to using Google My Business API to retrieve a location's complete reviews. We'd like our backend (PHP) to retrieve the reviews so using the same email I created a service account (console.developers.google.com/apis/credentials) because we don't need the end user to allow/interact anything when browsing our website.
Using postman (with my signed JWT) I have managed to get a valid access token
...that I use to retrieve the lists of accounts (mybusinessaccountmanagement.googleapis.com/v1/accounts) I could see the service account itself alone in the response.
Now, I tried calling the account locations api (mybusiness.googleapis.com/v4/accounts/{MY_ACCOUNT_ID_HERE}/locations) but it only returns and empty object response.
Can someone help me resolve this issue. Why my service account can't see the verified locations under my company's email. Is this even possible? Thank you.
Even that this is an older question - I run into the same issue calling the new Google My Business Information v1 API (getting empty results) using a service account.
It seems, that it is not recommended to use Service Accounts, I found this support article on Google: https://support.google.com/business/thread/8281160/cannot-get-access-to-gmb-locations-with-service-account-with-nodejs?hl=en
The "official" recommendation is to use OAuth.
But we finally made it using Service Account. The following steps are necessary to resolve it (at least for us it is working now):
Add a project in Google Cloud Platform
Add and enable the Account Management and Business Information API's.
Add the service account and generate a key (https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount)
Make the Business Profile API request (you need the approval made by Google to be able to make requests against the two API's; otherwise you may run into quota exceeds as "Request per minute" is set to 0 by default). Important: It may take up to 2 weeks until, but we received the approval within about 5 days
Enable domain-wide delegation for the service account using the scope "https://www.googleapis.com/auth/business.manage". More about domain-wide-delegation: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority)
Add a user identity in GCP. This user also needs to be added in Google My Business for editing locations. When creating your ServiceAccountCredential object, impersonate this user.
Security concerns:
Domain-wide-delegation enables that everyone knowing/having the credentials of the service account could impersonate any person (identity) from withing GCP. At least in this case only for Business Profile API, but anyway, keep this in mind.
Also using private keys for authenticating the service account is not recommended, you should be aware to regularly change / create a new private key or there would be a solution with Identity Workload.
Hope this helps everyone facing the challenge with GMB / GCP / service accounts :-)
I'm building a website for a client who wants to showcase his company's products.His company has like 5 sub companies. For example, his company is called Nazzy industries (named after Nazzy his endeared grandmama). Nazzy Industries has 5 sub-companies. One distributes snacks, one sells safety equipment, one sells cars.
I"m going to build a large website but I may want to serve sub companies in their own domains in the future. Is this possible?
This is possible with a little workaround.
You need to first verify ownership of all the domain names (through the google cloud console). Console > AppEngine > Settings > Custom Domains
In the application you will need to check from which domain the request is incoming. All languages should support that already, a simple thing.
This information is not verified from zero to production. But almost sure this can be done this way.
For both Standard and Flexible you set up your domain names in Products & Services > App Engine > Settings > Custom Domains using wildcards and subdomains in following ways:
Have services named cars, snacks, etc, which will be mapped to cars.nazzy.com, snacks.nazzy.com, etc.
Later you can separate them to different domains, like: ncars.com, nsnacks.com .
You can set it up in one way and then transition to the other without changing code or configuration of your applications at all.
I'm using Identity Server 4, Asp Identity, EF Core and one database.
I have 3 projects at the moment
IdentityServer - Contains all data contexts and all migrations with my app tables
Api - no context, no migrations however I need to access database somehow from here
Clinet - javascript
The question:
How do I access data context from IdentityServer project and still have all settings (db connection, etc) in one place. I understand I can reference IdentityServer from API and use data context but it seems not right to me. What is the preferred way to do this ?
Since you are interested in this option, I've decided to move my comments to this answer.
First of all, IdentityServer is not the place for your app tables. These are seperate contexts and separate migrations. The preferred way is to maintain the separation of concerns.
As I explained in my answer here, you don't need a relation between the login user and your business context. Instead create a user in the business context. The login user has a different purpose than the business user.
I don't have code for you, but you can take one of the sample apps from IdentityServer. Adjust the API to use your business context. In that context add a user table (which links to the sub claim) and the fields you need for the business context. BTW it doesn't matter if the tables are in the same database, just don't mix the contexts.
In IdentityServer: if the user may register for one website then you can extend the registration form with a drop-down of available websites. Or a list if the user can register for multiple websites.
Now it depends on the chosen strategy. You can wait to register the user in the API, but I think it is far more easy to register the user straight away. There are other options, but here's one where it is part of the IdentityServer configuration (without adding business logic to IdentityServer):
Extend IdentityServer to call the API after registering the user. For this I would add a table in the IdentityServer context with URLs to register per website. When the login user is created, call the configured API(s) to register the business user.
In the API you need to add the method that IdentityServer can call to create the user, linked to the sub claim and including the required user information. This way you can suffice with the sub claim to identify the login user and link this to the business user.
You can use a similar strategy for client apps. Extend IdentityServer with an API method to allow client apps to register users.
If you want to withdraw access, you can delete the login user without having to delete the business user. Which you don't want if you don't want to destroy historical information. You can also use claims to specify if the user has access to the website without having to delete the login user.
Our CakePHP 3 app (a POS System) is going to use subdomain approach where clients will share a common code base but run on individual databases.
2 things from the config (app.php) file will be unique to each instance : database details and security salt. These details will be stored in a table of main site database (wordpress) and I want to load them based on the subdomain opened. (abc.maindomain.com or xyz.maindomain.com)
I am not sure where should I implement this stuff in the code. bootstrap.php seems to be the only viable solution for now. What are experts' thoughts over this? I plan to store those details in a session once loaded so that system doesn't need to call main database everytime.
I'm building four websites. They all should have the same login-datas (user can registrate on website 1 and also can use website 2 and 3 by using the same Login-Name).
My idea was to use the MS SQL Membershipprovider (good idea?).
Now I don't know where to place the SQL-Mebershipprovider (in an extra databse? or together with the websites? -> sound like getting chaos^^)
A other idea I've read was to create a webservice to the authentification?
But I think I'm getting problems with the data consitency, because I think there is no way to point from one database to an other (linking for example the usertable in database one to the texttable in databse 2).
I want to use MVC3 and a MS SQL-database.
Any experiences or ideas?
Thanks a lot!
You can use a separate membership database to do this and just point the providers of each site at this database.
If you wanted to use the role provider you would have to have the same roles in all four websites which may not be what you want. You could use a central database to just handle authentication and then create a local user record in each website that links back to your central user database (you will have to do this linking manually i.e. no relationship). This will then let you role your own role provider for each site.