A multi-tenant solution
From now on, all participants in our training courses will receive a badge in Open Badges format. For a long time now, a certificate of attendance has been issued at the end of the course. We have developed our own application for this purpose, which generates a PDF for each participant and sends it by email. This solution is precisely tailored to our needs and integrated into our training administration. When developing our own applications, our aim was to create small, independent solutions that do exactly one thing. In this case, the creation of a certificate of attendance.
Certificate of attendance
In order to issue a certificate of attendance, some information must be available. In addition to the name and company of the participant, the certificate must state the title of the seminar, the time period and the content in keywords. We ask for the participant's name and email address via self-service. Participants receive a specific link for the seminar they attended. This link takes participants to a small form where they enter their name and email address. Company, seminar title, etc. are permanently linked to the link. Once the form has been completed, the certificate of attendance is generated and emailed to the participant. The following image shows the form.
The seminar data is transferred from the training administration via RabbitMQ to the application for the certificates of participation. As already mentioned, these are small, focused applications. The training administration sends the information to a queue. The application for the certificates of attendance subscribes to these messages and saves the required information about the seminar locally. In this way, the two applications are loosely coupled. It is also possible to develop the applications independently and even the language can be freely selected. Only the contract via the RabbitMQ queue must be taken into account by both sides.
Open Badges
The next step was to award the participants an additional badge in the Open Badges Format to make it available. We could have integrated this into the existing application. But here we decided to create a multi-tenancy application: mybadges.io. mybadges.io is a Software as a Service (SaaS) solution. This would not have been necessary for the Academy as the only user to date. However, such an application can also serve as an illustrative object in our training courses. We are regularly asked for "sample solutions". And at the latest in the Clean Code Developer Architect seminar, we need to show more than just small mini examples. The solution is now also available to other clients.
Multi-tenancy
A multi-tenancy application can be translated as multi-client capable be designated. In the case of our Open Badges application, this means that the Academy is one of the users of the application. However, there may also be other users whose data is stored strictly separately from our data. Each client of the application can define its own badges and issue them to participants. To store the data, we have Marten is used. Marten is a document database based on PostgreSQL. Any JSON-serialized documents are stored, similar to MongoDB. The great advantage of Marten lies in the fact that Marten is multi-tenant capable. A tenant ID can be specified with every access to the database. Marten thus ensures the separation of data. Ultimately, the data of all tenants in this model is stored in the same database and is assigned to a tenant in a column defined behind the scenes. It is also possible to use one database per tenant.
Authentication
Of course, access to such an application must be secured via an authentication mechanism. Some URLs are available without logging in, but most resources are only accessible after authentication. The open badges created with the application are publicly accessible. Otherwise, these badges would not be verifiable for everyone.
For the topics Authentication and Authorization we use Keycloak. This open source project provides OpenID Connect and OAuth 2.0, among other things. Users and their passwords are created in Keycloak. Applications such as mybadges.io or our training administration each refer to the Keycloak server and receive a token from it, which can be used to identify a successfully logged-in user.
At the same time, the user is assigned to a tenant in the application. The model we have chosen supports the assignment of multiple users to a tenant. This means that the model is also suitable for applications in which several users are to work on the same data. Authorization can also be used to control permissions. For example, certain operations can be reserved for admins.
Another advantage of Keycloak is that other identity providers can also be configured. This makes it possible to log in via Google, LinkedIn, Facebook, etc. To do this, the provider only needs to be configured once in Keycloak. The configured providers are then automatically displayed in the login screen.
API
The Open Badges solution is not connected to our other applications via RabbitMQ but via API. The idea behind this is to make it as easy as possible for individual clients to create badges. A simple API call is sufficient for this. A connection to Zapier is in the works. This will allow the creation of badges to be integrated very flexibly into thousands of applications.
Conclusion
Writing a multi-tenant application requires a great deal of care. It must be ensured that each client only sees its own data. It helps to use existing libraries and services such as Marten or Keycloak. The topics of testing and continuous integration also come up. For the integration tests, we use Docker plus TestContainers, as already mentioned. here described.
And, of course, the applications also need to be operated. Various Docker containers are also used here. Furthermore, nginx, subdomains, SSL certificates and a few other details.
If you would like to find out more and see the source code, just come to the next Clean Code Developer Architect Seminar.
Clean code training
Dates of the individual training days:
Closed company courses
We conduct all seminars as closed company courses for you.
If you are interested or have any questions please contact us.