Ridser is the short form of Rust Identity Service. It is a reusable component for the Backend for frontend pattern.

Service 1 Service 3 Service 2 Assets index.html File server Proxy Ridser Frontend

The project enables the frontend – running in the insecure browser domain – to establish a session and authenticate the user.

The login utilizes an OpenID Connect provider, e. g. Keycloak. These providers issues token to be used for backend web services for authentication and authorization. To keep the token within the secure server domain, the token is stored inside the server side user session. The user session is bound to an http-only cookie for enhanced security.

Additional proxy rules allow access to web services. Ridser injects the token during proxying, so that all services can identity the calling user.

A file based web server can serve HTML files, images and CSS. That is an easy possibility to provide HTML or JavaScript applications.