{"id":15415847,"url":"https://github.com/davidje13/auth-backend","last_synced_at":"2026-02-28T13:33:25.097Z","repository":{"id":57187137,"uuid":"250900880","full_name":"davidje13/auth-backend","owner":"davidje13","description":"minimal API for integration with external authentication providers","archived":false,"fork":false,"pushed_at":"2025-12-03T16:45:15.000Z","size":240,"stargazers_count":0,"open_issues_count":5,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-06T21:39:13.599Z","etag":null,"topics":["github-login","gitlab-login","google-login","google-sso","oauth"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidje13.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-03-28T21:52:59.000Z","updated_at":"2025-12-03T16:45:17.000Z","dependencies_parsed_at":"2022-08-28T10:51:29.494Z","dependency_job_id":null,"html_url":"https://github.com/davidje13/auth-backend","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/davidje13/auth-backend","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidje13%2Fauth-backend","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidje13%2Fauth-backend/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidje13%2Fauth-backend/releases","manifests_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidje13%2Fauth-backend/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidje13","download_url":"https://codeload.github.com/davidje13/auth-backend/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidje13%2Fauth-backend/sbom","scorecard":{"id":326901,"data":{"date":"2025-08-11","repo":{"name":"github.com/davidje13/auth-backend","commit":"66afafdb74127d2d09faa66d758bad8061572613"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":0,"reason":"Found 0/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are 
merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security 
file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection 
settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-18T02:40:36.732Z","repository_id":57187137,"created_at":"2025-08-18T02:40:36.732Z","updated_at":"2025-08-18T02:40:36.732Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29935368,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T13:16:57.922Z","status":"ssl_error","status_checked_at":"2026-02-28T13:11:15.149Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-login","gitlab-login","google-login","google-sso","oauth"],"created_at":"2024-10-01T17:10:01.833Z","updated_at":"2026-02-28T13:33:25.078Z","avatar_url":"https://github.com/davidje13.png","language":"TypeScript","readme":"# Authentication Backend\n\nProvides minimal backend functionality for integrating with external\nauthentication providers.\n\nCurrently supports Google, GitHub and GitLab.\n\n## Install dependency\n\n```bash\nnpm install --save authentication-backend\n```\n\n## Usage\n\n```javascript\nimport express from 'express';\nimport { buildAuthenticationBackend } from 'authentication-backend';\n\nconst config = {\n  google: {\n    clientId: 'my-google-client-id',\n    authUrl: 'https://accounts.google.com/o/oauth2/auth',\n    tokenInfoUrl: 
'https://oauth2.googleapis.com/tokeninfo',\n  },\n  github: {\n    clientId: 'my-github-client-id',\n    clientSecret: 'my-github-client-secret',\n    authUrl: 'https://github.com/login/oauth/authorize',\n    accessTokenUrl: 'https://github.com/login/oauth/access_token',\n    userUrl: 'https://api.github.com/user',\n  },\n  gitlab: {\n    clientId: 'my-gitlab-client-id',\n    authUrl: 'https://gitlab.com/oauth/authorize',\n    tokenInfoUrl: 'https://gitlab.com/oauth/token/info',\n  },\n};\n\nfunction tokenGranter(userId, service, externalId) {\n  // database-based example:\n  const myUserSessionToken = uuidv4();\n  myDatabase.recordUserSession(myUserSessionToken, userId);\n  return myUserSessionToken;\n}\n\nconst auth = buildAuthenticationBackend(config, tokenGranter);\nexpress()\n  .use('/my-prefix', auth.router)\n  .listen(8080);\n```\n\nYou will need to do some work for each service on the client-side too.\nSee the source in `/example/static` for a reference implementation.\n\n### Mock SSO server\n\n\u003cimg src=\"docs/mock-sso.png\" width=\"250\" align=\"right\" style=\"margin-top: -2em\"\u003e\n\nThis package also contains a mock SSO server, which can be run alongside your app\n(this is useful for local development and testing):\n\n\u003cdiv style=\"clear: both\"\u003e\u003c/div\u003e\n\n```javascript\nimport express from 'express';\nimport { buildAuthenticationBackend, buildMockSsoApp } from 'authentication-backend';\n\nbuildMockSsoApp().listen(9000);\n\nconst config = {\n  google: {\n    clientId: 'my-google-client-id',\n    authUrl: 'http://localhost:9000/auth',\n    tokenInfoUrl: 'http://localhost:9000/tokeninfo',\n  },\n};\n\n// ...\n\nconst auth = buildAuthenticationBackend(config, tokenGranter);\nexpress()\n  .use('/my-prefix', auth.router)\n  .listen(8080);\n```\n\n## Authentication Providers\n\n### Google sign in\n\nYou will need a Google client ID:\n\n1. Go to \u003chttps://console.developers.google.com/apis\u003e\n2. 
Create a new project (if necessary)\n3. In the \"Credentials\" screen, find the auto-generated OAuth client\n   entry (if it was not created automatically, create one manually with\n   \"Create credentials\" \u0026rarr; \"OAuth client ID\")\n4. Record the client ID (you will not need the client secret)\n5. Update the authorised JavaScript origins to match your deployment.\n   e.g. for local testing, this could be `http://localhost:8080`\n6. Update the authorised redirect URIs to the same value, with\n   `/\u003cmy-prefix\u003e/google` appended to the end.\n7. You may want to change the \"Support email\" listed under\n   \"OAuth consent screen\", as this will be visible to users of your\n   deployed app.\n\nYou can now configure the client ID in your app:\n\n```javascript\nconst config = {\n  google: {\n    clientId: 'something.apps.googleusercontent.com', // \u003c-- replace\n    authUrl: 'https://accounts.google.com/o/oauth2/auth',\n    tokenInfoUrl: 'https://oauth2.googleapis.com/tokeninfo',\n  },\n};\n```\n\n### GitHub sign in\n\nYou will need a GitHub client ID:\n\n1. Go to \u003chttps://github.com/settings/applications/new\u003e\n2. Set the \"Homepage URL\" to match your deployment. e.g. for local\n   testing, this could be `http://localhost:8080`\n3. Set the \"Authorization callback URL\" to the same value, with\n   `/\u003cmy-prefix\u003e/github` appended to the end.\n4. Record the client ID and client secret.\n\nYou can now configure the client ID and secret in your app:\n\n```javascript\nconst config = {\n  github: {\n    clientId: 'my-github-client-id',         // \u003c-- replace\n    clientSecret: 'my-github-client-secret', // \u003c-- replace\n    authUrl: 'https://github.com/login/oauth/authorize',\n    accessTokenUrl: 'https://github.com/login/oauth/access_token',\n    userUrl: 'https://api.github.com/user',\n  },\n};\n```\n\n### GitLab sign in\n\nYou will need a GitLab client ID:\n\n1. Go to \u003chttps://gitlab.com/profile/applications\u003e\n2. 
Set the \"Redirect URI\" to match your deployment with\n   `/\u003cmy-prefix\u003e/gitlab` appended to the end. e.g. for local\n   testing, this could be `http://localhost:8080/\u003cmy-prefix\u003e/gitlab`\n3. Untick the \"confidential\" option. You do not need to enable\n   any scopes.\n4. Record the application ID (you will not need the secret).\n\nYou can now configure the application ID in your app:\n\n```javascript\nconst config = {\n  gitlab: {\n    clientId: 'my-gitlab-application-id', // \u003c-- replace\n    authUrl: 'https://gitlab.com/oauth/authorize',\n    tokenInfoUrl: 'https://gitlab.com/oauth/token/info',\n  },\n};\n```\n\n## API\n\nThis expects you to create a frontend which handles the user interaction and propagates returned data to the API.\n\n### GET `/`\n\nThis will return the public parts of your config (i.e. `clientId` and `authUrl` for each service).\n\nExample:\n\n```json\n{\n  \"google\": {\n    \"clientId\": \"my-google-client-id\",\n    \"authUrl\": \"https://accounts.google.com/o/oauth2/auth\"\n  },\n  \"github\": {\n    \"clientId\": \"my-github-client-id\",\n    \"authUrl\": \"https://github.com/login/oauth/authorize\"\n  },\n  \"gitlab\": {\n    \"clientId\": \"my-gitlab-client-id\",\n    \"authUrl\": \"https://gitlab.com/oauth/authorize\"\n  }\n}\n```\n\nAny services which have not been configured will be omitted from the response.\n\n### POST `/\u003cservice-name\u003e`\n\nWhere `\u003cservice-name\u003e` is `google`, `github` or `gitlab`.\n\nThis expects to receive JSON-encoded data:\n\n```json\n{\n  \"externalToken\": \"token-returned-by-service\"\n}\n```\n\nIt will check the token with the service, and if successful, will invoke the configured\n`tokenGranter` function with a user ID, service name, and service user ID. 
The string\nreturned by `tokenGranter` will be sent to the user in a JSON response:\n\n```json\n{\n  \"userToken\": \"returned-token-granter-value\"\n}\n```\n\nIf the check fails, an error will be returned instead, with a status code of 4xx or 5xx:\n\n```json\n{\n  \"error\": \"an error message\"\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidje13%2Fauth-backend","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidje13%2Fauth-backend","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidje13%2Fauth-backend/lists"}