MIcroservice: Best practise for Authentication
I am looking into using microservice for my application. However the application involves authentication. E.g. there is a service for user to upload their images if they are authenticated. There is also a service for them to write reviews if they are authenticated.
How should i design the microservice to ensure that the user just need to authenticate once to access different services. Should i have a API gateway layer that does the authentication and make this API gateway talk to the different services?
rest architecture microservices
asked Nov 26 '18 at 3:07
SydneySydney
314213
add a comment |
I am looking into using microservice for my application. However the application involves authentication. E.g. there is a service for user to upload their images if they are authenticated. There is also a service for them to write reviews if they are authenticated.
How should i design the microservice to ensure that the user just need to authenticate once to access different services. Should i have a API gateway layer that does the authentication and make this API gateway talk to the different services?
rest architecture microservices
asked Nov 26 '18 at 3:07
SydneySydney
314213
add a comment |
I am looking into using microservice for my application. However the application involves authentication. E.g. there is a service for user to upload their images if they are authenticated. There is also a service for them to write reviews if they are authenticated.
How should i design the microservice to ensure that the user just need to authenticate once to access different services. Should i have a API gateway layer that does the authentication and make this API gateway talk to the different services?
rest architecture microservices
asked Nov 26 '18 at 3:07
SydneySydney
314213
I am looking into using microservice for my application. However the application involves authentication. E.g. there is a service for user to upload their images if they are authenticated. There is also a service for them to write reviews if they are authenticated.
How should i design the microservice to ensure that the user just need to authenticate once to access different services. Should i have a API gateway layer that does the authentication and make this API gateway talk to the different services?
rest architecture microservices
rest architecture microservices
asked Nov 26 '18 at 3:07
SydneySydney
314213
asked Nov 26 '18 at 3:07
SydneySydney
314213
asked Nov 26 '18 at 3:07
SydneySydney
314213
asked Nov 26 '18 at 3:07
SydneySydney
314213
asked Nov 26 '18 at 3:07
SydneySydney
314213
314213
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You can do authentication at the gateway layer, if authentication is all you need. If you are interested in authorization, you may have to pass the tokens forward for application to consider it. Also you can do that, if you have trust on other services behind the gateways. That is service 1 is free to call service 2 without authentication.
Also you loose bit of information about the principal, you can however write it back on the request in the gateway while forwarding.
Also another point to consider is JWT, they are lightweight and more importantly could be validated without calling auth server explicitly and it saves you some time specially in microservices. So even if you have to do auth at every service layer you are doing it at minimal cost, some nanoseconds. You can explore that as well.
However final call is based on how strong your security needs are compared to rest. based on that you can take a call. Auth stripping at api gateway saves you code duplication but is less secure as other services can do as they wish.
Same goes for token, you can authenticate without explicit call to auth server but then tokens are valid for some min time and bearer is free to do as they wish once they got the tokens, you cannon invalidate it.
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
|
show 1 more comment
While Anunay's answer is one the most famous solutions, there is another solution I would like to point out. You could use some distributed session management systems to persist sessions on RAM or DISK. As an example, we have authentication module that creates a token and persists it in Redis. While Redis itself can be distributed and it can persist less used data on disk, then it will be a good choice for all microservices to check client tokens with redis.
With this method, there is nothing to do with API gateway. The gateway just passes tokens to microservices. So even in case you are thinking about different authenitcation methods on different services, it will be a good solution. (Although I cant think of a reason for that need right now but I have heard of it)
Inside a session, you can store user Roles and Permissions. That's how you can strict users access to some API's. And for your private API's, you could generate a token with role ADMIN. Then each microservice can call other one with that token so your API's will be safe.
Also you could rapidly invalidate any sessions and store anything you want in those sessions. In our system, spring framework generates a X-AUTH-TOKEN that can be set in headers. The token is pointing to a session key in redis. This works with Cookies too. (and if I'm not wrong, you could even use this method with oAuth and JWT)
In a clean architecture you can create a security module that uses this validation method over API's and add it to every microservice that you want to protect.
There are other options when it comes to session persisting too. Database, LDAP, Redis, Hazelcast ... the choice depends on your need.
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53474298%2fmicroservice-best-practise-for-authentication%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can do authentication at the gateway layer, if authentication is all you need. If you are interested in authorization, you may have to pass the tokens forward for application to consider it. Also you can do that, if you have trust on other services behind the gateways. That is service 1 is free to call service 2 without authentication.
Also you loose bit of information about the principal, you can however write it back on the request in the gateway while forwarding.
Also another point to consider is JWT, they are lightweight and more importantly could be validated without calling auth server explicitly and it saves you some time specially in microservices. So even if you have to do auth at every service layer you are doing it at minimal cost, some nanoseconds. You can explore that as well.
However final call is based on how strong your security needs are compared to rest. based on that you can take a call. Auth stripping at api gateway saves you code duplication but is less secure as other services can do as they wish.
Same goes for token, you can authenticate without explicit call to auth server but then tokens are valid for some min time and bearer is free to do as they wish once they got the tokens, you cannon invalidate it.
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
|
show 1 more comment
You can do authentication at the gateway layer, if authentication is all you need. If you are interested in authorization, you may have to pass the tokens forward for application to consider it. Also you can do that, if you have trust on other services behind the gateways. That is service 1 is free to call service 2 without authentication.
Also you loose bit of information about the principal, you can however write it back on the request in the gateway while forwarding.
Also another point to consider is JWT, they are lightweight and more importantly could be validated without calling auth server explicitly and it saves you some time specially in microservices. So even if you have to do auth at every service layer you are doing it at minimal cost, some nanoseconds. You can explore that as well.
However final call is based on how strong your security needs are compared to rest. based on that you can take a call. Auth stripping at api gateway saves you code duplication but is less secure as other services can do as they wish.
Same goes for token, you can authenticate without explicit call to auth server but then tokens are valid for some min time and bearer is free to do as they wish once they got the tokens, you cannon invalidate it.
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
|
show 1 more comment
You can do authentication at the gateway layer, if authentication is all you need. If you are interested in authorization, you may have to pass the tokens forward for application to consider it. Also you can do that, if you have trust on other services behind the gateways. That is service 1 is free to call service 2 without authentication.
Also you loose bit of information about the principal, you can however write it back on the request in the gateway while forwarding.
Also another point to consider is JWT, they are lightweight and more importantly could be validated without calling auth server explicitly and it saves you some time specially in microservices. So even if you have to do auth at every service layer you are doing it at minimal cost, some nanoseconds. You can explore that as well.
However final call is based on how strong your security needs are compared to rest. based on that you can take a call. Auth stripping at api gateway saves you code duplication but is less secure as other services can do as they wish.
Same goes for token, you can authenticate without explicit call to auth server but then tokens are valid for some min time and bearer is free to do as they wish once they got the tokens, you cannon invalidate it.
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
You can do authentication at the gateway layer, if authentication is all you need. If you are interested in authorization, you may have to pass the tokens forward for application to consider it. Also you can do that, if you have trust on other services behind the gateways. That is service 1 is free to call service 2 without authentication.
Also you loose bit of information about the principal, you can however write it back on the request in the gateway while forwarding.
Also another point to consider is JWT, they are lightweight and more importantly could be validated without calling auth server explicitly and it saves you some time specially in microservices. So even if you have to do auth at every service layer you are doing it at minimal cost, some nanoseconds. You can explore that as well.
However final call is based on how strong your security needs are compared to rest. based on that you can take a call. Auth stripping at api gateway saves you code duplication but is less secure as other services can do as they wish.
Same goes for token, you can authenticate without explicit call to auth server but then tokens are valid for some min time and bearer is free to do as they wish once they got the tokens, you cannon invalidate it.
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
answered Nov 26 '18 at 6:30
AnunayAnunay
1,045718
1,045718
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
|
show 1 more comment
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
In JWT how to revoke the token if user logged out
– techagrammer
Nov 26 '18 at 12:08
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
you do not revoke access token, you cannot. On log out you will not allow refresh token to be refreshed. So basically user will not be able to get new Access tokens from refresh tokens after logout
– Anunay
Nov 26 '18 at 12:30
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
in that case till the time access token is valid, user will be able to call the API's even after logout (refresh token time could be as small as 1 min), but till 1 min user will be able to access . Is this correct assumption?
– techagrammer
Nov 27 '18 at 7:31
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
Yes, Access token should be valid for smallest amount of time as required by your application. And yes user will have free will as long as Access Token is valid. Refresh token could be active for longer time, as you need to contact the auth server to refresh token and in the mean time if users logs out, you need not to worry as refresh token will not be refreshed.
– Anunay
Nov 27 '18 at 8:16
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
in this case lets say time remaining is 5 sec for the token to refresh , and I call a API , which in turn call another API , but in the mean time JWT token becomes invalid. How to handle such cases
– techagrammer
Nov 27 '18 at 15:38
|
show 1 more comment
While Anunay's answer is one the most famous solutions, there is another solution I would like to point out. You could use some distributed session management systems to persist sessions on RAM or DISK. As an example, we have authentication module that creates a token and persists it in Redis. While Redis itself can be distributed and it can persist less used data on disk, then it will be a good choice for all microservices to check client tokens with redis.
With this method, there is nothing to do with API gateway. The gateway just passes tokens to microservices. So even in case you are thinking about different authenitcation methods on different services, it will be a good solution. (Although I cant think of a reason for that need right now but I have heard of it)
Inside a session, you can store user Roles and Permissions. That's how you can strict users access to some API's. And for your private API's, you could generate a token with role ADMIN. Then each microservice can call other one with that token so your API's will be safe.
Also you could rapidly invalidate any sessions and store anything you want in those sessions. In our system, spring framework generates a X-AUTH-TOKEN that can be set in headers. The token is pointing to a session key in redis. This works with Cookies too. (and if I'm not wrong, you could even use this method with oAuth and JWT)
In a clean architecture you can create a security module that uses this validation method over API's and add it to every microservice that you want to protect.
There are other options when it comes to session persisting too. Database, LDAP, Redis, Hazelcast ... the choice depends on your need.
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
add a comment |
While Anunay's answer is one the most famous solutions, there is another solution I would like to point out. You could use some distributed session management systems to persist sessions on RAM or DISK. As an example, we have authentication module that creates a token and persists it in Redis. While Redis itself can be distributed and it can persist less used data on disk, then it will be a good choice for all microservices to check client tokens with redis.
With this method, there is nothing to do with API gateway. The gateway just passes tokens to microservices. So even in case you are thinking about different authenitcation methods on different services, it will be a good solution. (Although I cant think of a reason for that need right now but I have heard of it)
Inside a session, you can store user Roles and Permissions. That's how you can strict users access to some API's. And for your private API's, you could generate a token with role ADMIN. Then each microservice can call other one with that token so your API's will be safe.
Also you could rapidly invalidate any sessions and store anything you want in those sessions. In our system, spring framework generates a X-AUTH-TOKEN that can be set in headers. The token is pointing to a session key in redis. This works with Cookies too. (and if I'm not wrong, you could even use this method with oAuth and JWT)
In a clean architecture you can create a security module that uses this validation method over API's and add it to every microservice that you want to protect.
There are other options when it comes to session persisting too. Database, LDAP, Redis, Hazelcast ... the choice depends on your need.
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
add a comment |
While Anunay's answer is one the most famous solutions, there is another solution I would like to point out. You could use some distributed session management systems to persist sessions on RAM or DISK. As an example, we have authentication module that creates a token and persists it in Redis. While Redis itself can be distributed and it can persist less used data on disk, then it will be a good choice for all microservices to check client tokens with redis.
With this method, there is nothing to do with API gateway. The gateway just passes tokens to microservices. So even in case you are thinking about different authenitcation methods on different services, it will be a good solution. (Although I cant think of a reason for that need right now but I have heard of it)
Inside a session, you can store user Roles and Permissions. That's how you can strict users access to some API's. And for your private API's, you could generate a token with role ADMIN. Then each microservice can call other one with that token so your API's will be safe.
Also you could rapidly invalidate any sessions and store anything you want in those sessions. In our system, spring framework generates a X-AUTH-TOKEN that can be set in headers. The token is pointing to a session key in redis. This works with Cookies too. (and if I'm not wrong, you could even use this method with oAuth and JWT)
In a clean architecture you can create a security module that uses this validation method over API's and add it to every microservice that you want to protect.
There are other options when it comes to session persisting too. Database, LDAP, Redis, Hazelcast ... the choice depends on your need.
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
While Anunay's answer is one the most famous solutions, there is another solution I would like to point out. You could use some distributed session management systems to persist sessions on RAM or DISK. As an example, we have authentication module that creates a token and persists it in Redis. While Redis itself can be distributed and it can persist less used data on disk, then it will be a good choice for all microservices to check client tokens with redis.
With this method, there is nothing to do with API gateway. The gateway just passes tokens to microservices. So even in case you are thinking about different authenitcation methods on different services, it will be a good solution. (Although I cant think of a reason for that need right now but I have heard of it)
Inside a session, you can store user Roles and Permissions. That's how you can strict users access to some API's. And for your private API's, you could generate a token with role ADMIN. Then each microservice can call other one with that token so your API's will be safe.
Also you could rapidly invalidate any sessions and store anything you want in those sessions. In our system, spring framework generates a X-AUTH-TOKEN that can be set in headers. The token is pointing to a session key in redis. This works with Cookies too. (and if I'm not wrong, you could even use this method with oAuth and JWT)
In a clean architecture you can create a security module that uses this validation method over API's and add it to every microservice that you want to protect.
There are other options when it comes to session persisting too. Database, LDAP, Redis, Hazelcast ... the choice depends on your need.
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
answered Nov 28 '18 at 6:06
Sep GHSep GH
555419
555419
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
add a comment |
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
I would be little concerned with exposing my redis (data store) directly to rest of services. JWT token can sum in all information you need and can be validated independently without any network call.
– Anunay
Nov 28 '18 at 16:20
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53474298%2fmicroservice-best-practise-for-authentication%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
