Use token auth mechanism. This probably should be implemented as a separate micro service used by deck and cannon.

I will suggest outsource authentication mechanism (https://auth0.com) they have a Open Source Program, for non-profit projects: https://auth0.com/pricing