Skip to main content

Production Deployment Considerations

Deploying an application integrated with Mubarokah ID OAuth 2.0 requires careful attention to environment configuration, security, and reliability. This guide outlines key considerations.

Environment Configuration

Your production environment must be configured securely and correctly to interact with Mubarokah ID.

Key Configuration Parameters (Environment Variables)

It is highly recommended to manage sensitive configuration values using environment variables rather than hardcoding them into your application. Essential Environment Variables:
VariableExample ValueDescription
MUBAROKAH_CLIENT_IDyour_production_client_idYour application’s unique Client ID provided by Mubarokah ID for the production environment.
MUBAROKAH_CLIENT_SECRETyour_strong_production_client_secretYour application’s confidential Client Secret for the production environment. Keep this highly secure.
MUBAROKAH_REDIRECT_URIhttps://yoursecureapp.com/auth/mubarokah/callbackThe exact, HTTPS-secured URL Mubarokah ID will redirect users back to after authentication. Must be registered with Mubarokah ID.
MUBAROKAH_BASE_URLhttps://accounts.mubarokah.comThe base URL for Mubarokah ID’s OAuth and API endpoints.
APP_ENV or NODE_ENVproductionSets your application’s environment to production mode (often enables optimizations and disables debugging features).
SESSION_SECRET or APP_KEYa_very_long_and_random_secure_stringA strong, random secret key used for session encryption and signing. Generate a unique one for production.
LOG_LEVELinfo or warnControls the verbosity of your application logs. info is common for production, warn or error for less verbosity.
DATABASE_URL (if applicable)postgres://user:pass@host:port/dbnameConnection string for your production database (if your app uses one for user data, token storage etc.).
REDIS_URL (if applicable)redis://:pass@host:port/0Connection string for your production Redis instance (if used for caching, session storage, or token storage).
TOKEN_ENCRYPTION_KEY (if applicable)another_strong_random_fernet_keyIf you are encrypting tokens (e.g., refresh tokens) at rest in your database/cache, this is the key used for that encryption.
Example .env.production (conceptual): 
# Application Environment
APP_ENV=production
APP_KEY=base64:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= # Laravel example: generate with php artisan key:generate
SESSION_SECRET=your_nodejs_session_secret_here # Node.js example
LOG_LEVEL=info
APP_URL=https://yoursecureapp.com # Your application's main URL

# Mubarokah ID OAuth Configuration
MUBAROKAH_CLIENT_ID=prod_client_id_from_mubarokah
MUBAROKAH_CLIENT_SECRET=very_strong_and_secret_production_key
MUBAROKAH_REDIRECT_URI=https://yoursecureapp.com/auth/mubarokah/callback
MUBAROKAH_BASE_URL=https://accounts.mubarokah.com

# Database (Example)
DB_CONNECTION=mysql
DB_HOST=prod-db-host.internal
DB_PORT=3306
DB_DATABASE=production_db
DB_USERNAME=prod_user
DB_PASSWORD=strong_db_password

# Redis (Example)
REDIS_HOST=prod-redis-host.internal
REDIS_PASSWORD=strong_redis_password
REDIS_PORT=6379

# If encrypting tokens at rest
# TOKEN_ENCRYPTION_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

HTTPS Enforcement

  • Your Application: Your entire production application, especially the OAuth redirect_uri, must be served over HTTPS. Use TLS certificates from a trusted Certificate Authority (CA) (e.g., Let’s Encrypt).
  • Mubarokah ID Endpoints: Mubarokah ID’s endpoints will also be HTTPS. Ensure your server can make outbound HTTPS connections and has up-to-date CA root certificates to validate Mubarokah ID’s SSL certificates.

Server Configuration

  • Web Server (Nginx, Apache):
    • Configure for security (e.g., disable unnecessary modules, set appropriate headers like HSTS, X-Frame-Options, X-Content-Type-Options).
    • Set up robust logging.
    • Configure reverse proxy correctly if your application server (Node.js, Python, Java) runs behind it.
  • Firewall: Configure firewalls to only allow necessary inbound traffic (e.g., HTTPS on port 443) and outbound traffic (e.g., to Mubarokah ID’s IP range if known and restrictive outbound policies are in place).
  • System Updates: Keep your server operating systems and all software packages up-to-date with the latest security patches.

General Deployment Advice

  • Automated Deployments: Use a CI/CD (Continuous Integration/Continuous Deployment) pipeline for consistent and reliable deployments. (Covered more in CI/CD section).
  • Health Checks: Implement health check endpoints in your application that your load balancer or orchestration platform (e.g., Kubernetes) can use to determine if an instance is healthy. (Covered more in Health Monitoring section).
  • Logging and Monitoring: Set up comprehensive logging and monitoring for your application and infrastructure to detect issues quickly. (Covered more in Monitoring & Debugging section).
  • Backups: Ensure regular backups of your database and critical application data.
  • Secrets Management: For higher security, consider using a dedicated secrets management system (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) to manage MUBAROKAH_CLIENT_SECRET and other sensitive credentials, rather than just environment variables.
  • Scalability: Design your application to be scalable, especially the components handling OAuth callbacks, as login events can sometimes cause load spikes. Consider stateless application servers if possible, with session/token data managed in a shared store like Redis or a database.
Deploying a secure and robust OAuth integration requires attention to detail at each step, from configuration to ongoing operations.