{"id":23630991,"url":"https://github.com/donomii/authentigate","last_synced_at":"2025-07-26T01:13:23.471Z","repository":{"id":42940190,"uuid":"337836473","full_name":"donomii/authentigate","owner":"donomii","description":"An edge server that manages user sessions via oauth2","archived":false,"fork":false,"pushed_at":"2023-11-12T18:57:13.000Z","size":23580,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-28T02:48:08.727Z","etag":null,"topics":["authentication","authentication-middleware","edge","edge-server","edge-service","oauth2","oauth2-client","session-management","user-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/donomii.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-10T19:51:12.000Z","updated_at":"2021-12-20T17:11:39.000Z","dependencies_parsed_at":"2024-06-21T02:07:41.302Z","dependency_job_id":"11ab8f75-7014-4b74-b14c-c15d9a0dec9b","html_url":"https://github.com/donomii/authentigate","commit_stats":{"total_commits":115,"total_committers":4,"mean_commits":28.75,"dds":0.6,"last_synced_commit":"05448ab1a86e69f704604521577e44f56bc813e7"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donomii%2Fauthentigate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donomii%2Fauthentigate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/G
itHub/repositories/donomii%2Fauthentigate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/donomii%2Fauthentigate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/donomii","download_url":"https://codeload.github.com/donomii/authentigate/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239551153,"owners_count":19657746,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authentication-middleware","edge","edge-server","edge-service","oauth2","oauth2-client","session-management","user-management"],"created_at":"2024-12-28T02:48:11.509Z","updated_at":"2025-02-18T21:23:51.390Z","avatar_url":"https://github.com/donomii.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# authentigate\nAn edge server that manages logins and relays connections.  Great for small/personal installations that want to survive on the web.\n\nAuthentigate increases your security by protecting your web apps against several kinds of hacks, and handles user logins and sessions so that you don't have to.\n\nIt accepts requests, authenticates them, and passes the request to the correct (micro)service.  Authentigate increases security by limiting the kind and amount of data that will be sent to (micro)services.\n\nTo increase security and GDPR compliance, authentigate does not store user data or passwords, it instead uses oauth2 and TOTP to authenticate users.  
Even if an authentigate server is completely compromised, no user data will be lost, not even passwords (although all session tokens would need to be revoked, forcing users to log in again).\n\nAuthentigate uses Let's Encrypt to provide HTTPS access.\n\nAuthentigate is still in development.  Some features are not fully implemented, and there are certainly errors.\n\n# Setup\n\n    git clone https://github.com/donomii/authentigate\n    cd authentigate\n    go build .\n    cp provider_secrets.json.example provider_secrets.json\n    vim provider_secrets.json\n    cp example_config.json config.json\n    vim config.json\n    ./authentigate\n  \n# Configuration files\n\nThere are two configuration files, provider_secrets.json and config.json.  config.json holds the routes to your internal services.  See the included config.json for a concrete example.\n\nThe provider_secrets.json file holds the tokens and ids needed to access online oauth2 services.\n\n# provider_secrets\n\nThe provider_secrets file contains the secret details needed to authenticate against some popular oauth2 servers.   To get these details, you will need to register your application with these web sites.  Unfortunately each service has a different sign-up process, so I can't describe them all here.  Usually, googling e.g. 
\"github oauth2\" will get you to the right place.\n\nOnce you have your details, add them to the file:\n\n```json\n{\n  \"amazon\": {\n    \"clientID\": \"xxxxxxxxxxxxxx\",\n    \"clientSecret\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"redirectURL\": \"http://localhost/auth/amazon/callback\"\n  },\n  \"bitbucket\": {\n    \"clientID\": \"xxxxxxxxxxxxxx\",\n    \"clientSecret\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n    \"redirectURL\": \"http://localhost/auth/bitbucket/callback\"\n  }\n}\n```\nYou must configure the redirectURL to match your servername and port.\n\nBe aware that you will usually have to register the \"redirectURL\" with the oauth2 provider, and sometimes this registration is on a different page than the page where you get your clientID and clientSecret.\n\nA sample file called provider_secrets.json.example can be found in the repository.  Rename it to provider_secrets.json and add your details.\n\n# Development and testing\n\nStart authentigate with the --develop flag.  This will disable https, and all logins will be redirected to user \"1\".\n\n# Integration\n\nThe entire point of authentigate is to integrate with other services.  Authentigate is a full HTTP/HTTPS server, which works as a reverse proxy, relay server, or \"edge\" server.  It accepts requests, authenticates them, and passes the request to the correct (micro)service.  Authentigate increases security by limiting the kind and amount of data that will be sent to (micro)services.\n\nRather than relaying the entire request from client to microservice, authentigate creates a new request, and only copies what is necessary for the request.  This prevents clients from sending possibly dangerous additional information in the requests.  Authentigate also prevents clients from overloading your microservices by crashing before they do.\n\nTo integrate with other services, edit config.json and add the routes to your services.  
See the included config.json for a concrete example.  Typically you would start your services bound to \"localhost\", and authentigate would relay external requests to them.\n\nIntegrating with existing web apps can be easy or difficult, depending entirely on the app.  If the app uses relative links, then it should work out of the box.  If the app uses absolute links, then you will need to edit the app to use relative links, or construct the correct external links.  Because there is no standard for this sort of thing, it is impossible for authentigate to take over authentication for all web apps.  You may have to log in twice to access e.g. your email app if you put it behind authentigate.\n\n# Header fields\n\nAuthentigate also adds four HTTP header fields: authentigate-id, authentigate-token, authentigate-base-url, authentigate-top-url.  You can use these in your program to find out which user is logged in, and how to generate links that work with authentigate.\n\n## authentigate-id\n\nThis is authentigate's internal user id.  You should not show it to the user, and you should use it as a unique user id.  It never changes.\n\n## authentigate-token\n\nThis is the revocable session token that the client is currently using.\n\n## authentigate-base-url\n\nThe **external** base url of your website (with session token).  Used mainly to allow you to create links to other microservices.  You can use this to construct automatic login urls that will work with e.g. curl.  You should show this to the user, but you should never use this as a key for user data.\n\n## authentigate-top-url\n\nThe **external** base url of your microservice (with session token).  You add your API path to the end of this.  You can use this to construct automatic login urls that will work with e.g. curl.  You should show this to the user, but you should never use this as a key for user data.\n\n## Customising the login page\n\nYou can customise the login page by editing files/frontpage.html.  
You can use the following variables in your template:\n\n* BASE - the base url of your website (without session token).  Use this to return to the login page.\n* TOKEN - the session token\n* SECUREURL - the base url of your website (with session token).  Use this to link to other microservices.\n\nThe login page redirects the user to a default menu page.  You can choose the default menu page by editing files/loginSuccessful.html\n\n## Special URLs\n\nAuthentigate has a few special URLs.\n\n* BASE/manage/:token/token - shows the current user's token.  \n* BASE/manage/:token/updateUser - allows the user to update their details, and activate their TOTP token.\n* BASE/manage/:token/newToken - allows the user to generate a new session token.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdonomii%2Fauthentigate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdonomii%2Fauthentigate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdonomii%2Fauthentigate/lists"}