{"id":26233644,"url":"https://github.com/docknetwork/auth-server","last_synced_at":"2025-04-22T12:11:08.930Z","repository":{"id":37798383,"uuid":"489485740","full_name":"docknetwork/auth-server","owner":"docknetwork","description":"Provides an oauth solution with verifiable credentials and SSI","archived":false,"fork":false,"pushed_at":"2025-02-05T19:52:08.000Z","size":1881,"stargazers_count":20,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-29T15:01:37.795Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://auth.dock.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/docknetwork.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-06T20:29:52.000Z","updated_at":"2025-02-05T19:52:14.000Z","dependencies_parsed_at":"2025-01-22T15:27:26.229Z","dependency_job_id":"1613b959-bbff-4619-a359-989514ff401a","html_url":"https://github.com/docknetwork/auth-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docknetwork%2Fauth-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docknetwork%2Fauth-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docknetwork%2Fauth-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docknetwork%2Fauth-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/docknetwork","download_url":"https://codeload.github.com/docknetwork/auth-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250237832,"owners_count":21397401,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-13T01:16:57.524Z","updated_at":"2025-04-22T12:11:08.903Z","avatar_url":"https://github.com/docknetwork.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dock Web3 ID\n\nWeb3 ID is a blockchain-based Authentication and Authorization system that uses Decentralized Identifiers (DIDs) and Verifiable Credentials. There is an existing live service hosted at https://auth.dock.io however you may clone this repository/deploy it to vercel to spin up your own instance. It is mostly stateless, but does rely on a memcached instance currently for short-lived data transfer. No long term storage of user data is used, tokens and codes are obtained through cryptography. You can use this service to allow your users to provide their own user data, like you would request from \"Login with Facebook\" or \"Sign in with Github\".\n\nNote: You will still want to verify a users email if requested with this service.\n\nFeatures:\n- No long term storage of user/client data\n- User provides and controls their own data\n- Uses `did:dock` and `did:key` DIDs\n- Cryptographic client id/secrets\n- OAuth 2.0 spec compliant\n\nRoadmap:\n- Support requesting specific credentials/data\n- Decouple verification from the Dock API\n- Look into supporting the SIOP spec\n- OpenID Connect implementation\n- Support more DID types\n- Support non self-signed credentials\n- Zero Knowledge Proofs\n\nFor more information about the upcoming features, [get in touch](https://www.dock.io/contact).\n\n## As an OAuth 2.0 provider\n\nThis service can be used directly as an OAuth 2.0 provider with your favourite OAuth library. See the documentation for [OAuth 2.0 setup](docs/oauth2_setup.md). You are welcome to use our hosted version or your own. Setup instructions are for the hosted vesion, simply replace with your own domain to configure for another endpoint.\n\n## Under the Hood\n\nDecentralized Identifiers (DIDs) are cryptographically verifiable pseudonymous identifiers created by the user, owned by the user, and independent of any organization. DIDs contain no personal data about the user, the user may provide extra data you request such as their name, email etc. An example of a DID stored on the Dock blockchain could look like this:\n\n![sample-did](./public/DID%20example.jpg)\n\nEach DID is supported by a Public-Private cryptographic key pair.\n\nWhen a user scans the QR Code generated by the Dock Web3 ID service they are prompted to provide their data as requested by the scopes. The user’s Private Key associated with the DID digitally signs a Verifiable Credential. This Verifiable Credential with that data contains a cryptographic hash that ensures that it wasn’t modified since it was created and signed - and most importantly verifies that the user who owns that DID is providing that data.\n\nThis Authentication Verifiable Credential is sent to this auth service, which verifies that the credential was indeed cryptographically signed by the correct user and grants the user access to the application. Your server can then request the user data using the access token provided through the standard OAuth 2.0/Auth0 flow.\n\n## Development\n\nFirst, setup [the environment variables](#env-vars) and pre-requisite services and then you can run the development server:\n\n```bash\nnpm run dev\n# or\nyarn dev\n```\n\nOpen [http://localhost:3000](http://localhost:3000) with your browser to see the result.\n\n## Building and Deployment\n\nBuilding the application for production can be done with:\n\n```bash\nnpm run build\n# or\nyarn build\n```\n\nor you may wish to run it as a custom server with:\n\n```bash\nnpm run start\n# or\nyarn start\n```\n\n## Env Vars\n\nRunning the auth server requires:\n\n- A free [Truvera API key](https://truvera.io/) in order to verify credentials. Set through API_KEY\n- A memcached instance, you can find many free ones online for a small project or use a local docker container. Set through MEMCACHIER_SERVERS\n- A secure, randomly generated cryptographic key for authorizing clients set through CRYPTO_KEY\n- A public domain set through SERVER_URL (defaults to localhost:3000)\n\nExample `.env.local` file:\n```\nAPI_KEY=certs-api-key\nMEMCACHIER_SERVERS=your-memcached-uri:11211\nCRYPTO_KEY=32charactersecurecryptokey\nSERVER_URL=https://mydomain.com/\n```\n\n## Vercel Deploy\n\nDeploy to vercel in one click with this button\n\n[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2Fdocknetwork%2Fauth-server\u0026env=MEMCACHIER_SERVERS,API_KEY,CRYPTO_KEY\u0026envDescription=Environment%20variables%20needed%20for%20this%20applicaton\u0026envLink=https%3A%2F%2Fgithub.com%2Fdocknetwork%2Fauth-server%23env-vars\u0026project-name=did-auth\u0026repo-name=did-auth\u0026redirect-url=https%3A%2F%2Fdock.io%2F%3Fgtm_source%3Dauthdeploy)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocknetwork%2Fauth-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdocknetwork%2Fauth-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocknetwork%2Fauth-server/lists"}