{"id":49957465,"url":"https://github.com/evolution-foundation/evo-auth-service-community","last_synced_at":"2026-05-28T00:01:29.861Z","repository":{"id":353606572,"uuid":"1185630238","full_name":"evolution-foundation/evo-auth-service-community","owner":"evolution-foundation","description":null,"archived":false,"fork":false,"pushed_at":"2026-05-25T18:08:10.000Z","size":463,"stargazers_count":2,"open_issues_count":10,"forks_count":15,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-25T18:11:52.435Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evolution-foundation.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-18T19:34:16.000Z","updated_at":"2026-05-25T16:22:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"dd724eb6-17f3-428b-9b9a-27c3b430db44","html_url":"https://github.com/evolution-foundation/evo-auth-service-community","commit_stats":null,"previous_names":["evolutionapi/evo-auth-service-community","evolution-foundation/evo-auth-service-community"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/evolution-foundation/evo-auth-service-community","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evolution-foundation%2Fevo-auth-service-community","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evolution-foundation%2Fevo-auth-service-community/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evolution-foundation%2Fevo-auth-service-community/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evolution-foundation%2Fevo-auth-service-community/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evolution-foundation","download_url":"https://codeload.github.com/evolution-foundation/evo-auth-service-community/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evolution-foundation%2Fevo-auth-service-community/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33588345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-27T02:00:06.184Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-18T00:19:19.885Z","updated_at":"2026-05-28T00:01:29.855Z","avatar_url":"https://github.com/evolution-foundation.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://evolutionfoundation.com.br\"\u003e\n    \u003cimg src=\"./public/hover-evolution.png\" alt=\"Evolution Foundation\" /\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eEvo CRM Auth Service\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Authentication, RBAC, OAuth 2.0 and token issuance service for the Evo CRM Community.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/evolution-foundation/evo-auth-service-community/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/evolution-foundation/evo-auth-service-community?include_prereleases\u0026label=version\u0026color=00ffa7\" alt=\"Latest version\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://opensource.org/licenses/Apache-2.0\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License: Apache 2.0\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://docs.evolutionfoundation.com.br\"\u003e\u003cimg src=\"https://img.shields.io/badge/Docs-evolutionfoundation.com.br-00ffa7\" alt=\"Documentation\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://evolutionfoundation.com.br/community\"\u003e\u003cimg src=\"https://img.shields.io/badge/Community-Join%20us-white\" alt=\"Community\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://evolutionfoundation.com.br\"\u003eWebsite\u003c/a\u003e \u0026middot;\n  \u003ca href=\"https://docs.evolutionfoundation.com.br\"\u003eDocumentation\u003c/a\u003e \u0026middot;\n  \u003ca href=\"https://evolutionfoundation.com.br/community\"\u003eCommunity\u003c/a\u003e \u0026middot;\n  \u003ca href=\"mailto:suporte@evofoundation.com.br\"\u003eSupport\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## About\n\n**Evo CRM Auth Service** is the authentication and authorization microservice of the Evo CRM Community. Built on Ruby on Rails 7.1, it provides Bearer token authentication, OAuth 2.0 (Doorkeeper), Multi-Factor Authentication (TOTP, Email OTP, backup codes), Role-Based Access Control with simple `account_owner` / `agent` roles, and LGPD-compliant audit logging.\n\n## Part of the Evo CRM Community\n\nEvo CRM Auth Service is part of the [Evo CRM Community](https://github.com/evolution-foundation/evo-crm-community) ecosystem maintained by Evolution Foundation. To use the full stack, clone the umbrella repository with submodules:\n\n```bash\ngit clone --recurse-submodules git@github.com:evolution-foundation/evo-crm-community.git\n```\n\nThe Community Edition is **single-tenant** by design — one account, no multi-tenancy overhead, no super-admin, no billing or plans. The role hierarchy is simple: `account_owner` and `agent`.\n\n---\n\n## Features\n\n### Authentication\n- Bearer token authentication with JWT\n- OAuth 2.0 provider via Doorkeeper (RFC 6749)\n- Multi-Factor Authentication (TOTP, Email OTP, backup codes)\n- Legacy DeviseTokenAuth support for backward compatibility\n- Well-Known discovery endpoints (RFC 8414)\n\n### Authorization\n- Role-Based Access Control (RBAC): `account_owner` and `agent`\n- Token rotation and secure session management\n\n### Compliance\n- LGPD-compliant data privacy controls\n- Comprehensive audit logging for all user actions\n- Database-driven feature flags\n\n### API\n- RESTful API with documented endpoints\n- OpenAPI / Swagger documentation\n- Webhook support for real-time notifications\n- Multi-language support (EN, PT-BR)\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- **Ruby** 3.4.4\n- **Rails** 7.1+\n- **PostgreSQL** 12+\n- **Redis** 6+\n\n### Installation\n\n```bash\ngit clone git@github.com:evolution-foundation/evo-auth-service-community.git\ncd evo-auth-service-community\n\n# Install dependencies\nbundle install\n\n# Configure database\nrails db:create\nrails db:migrate\nrails db:seed\n\n# Start server\nrails server -p 3001\n```\n\nThe service will be available at `http://localhost:3001`.\n\n\u003e **Default credentials**: configured in `db/seeds.rb`. Review and change them before any deployment.\n\n### API documentation\n\nOnce running, Swagger UI is available at:\n\n```\nhttp://localhost:3001/api-docs\n```\n\n---\n\n## Configuration\n\nCreate a `.env` file:\n\n```bash\n# Database\nDATABASE_URL=postgresql://user:pass@localhost:5432/evo_auth_service_development\n\n# Redis\nREDIS_URL=redis://localhost:6379/1\n\n# JWT secret\nDEVISE_JWT_SECRET_KEY=your_super_secret_jwt_key\n\n# OAuth\nDOORKEEPER_SECRET_KEY=your_doorkeeper_secret_key\n\n# Frontend URL (CORS and OAuth callbacks)\nFRONTEND_URL=http://localhost:3000\n\n# Email (MFA and notifications)\nSMTP_HOST=smtp.example.com\nSMTP_PORT=587\nSMTP_USERNAME=your_email@example.com\nSMTP_PASSWORD=your_app_password\n```\n\nSee `.env.example` for all available variables.\n\n---\n\n## Authentication examples\n\n### Bearer token (recommended)\n\n```bash\n# Login\ncurl -X POST http://localhost:3001/api/v1/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"email\": \"user@example.com\", \"password\": \"password\"}'\n\n# Use the token\ncurl -X GET http://localhost:3001/api/v1/auth/me \\\n  -H \"Authorization: Bearer YOUR_ACCESS_TOKEN\"\n```\n\n### API access token (server-to-server)\n\n```bash\ncurl -X GET http://localhost:3001/api/v1/users \\\n  -H \"api_access_token: YOUR_API_TOKEN\"\n```\n\n### OAuth 2.0 Bearer token (third-party apps)\n\n```bash\ncurl -X GET http://localhost:3001/api/v1/users \\\n  -H \"Authorization: Bearer YOUR_OAUTH_TOKEN\"\n```\n\n---\n\n## Architecture\n\nThe auth service issues tokens consumed by all other services in the Evo CRM Community ecosystem:\n\n```\n                    ┌──────────────────────────┐\n                    │  Evo CRM Auth Service    │ ← (you are here)\n                    │  (token issuance, RBAC)  │\n                    └────────────┬─────────────┘\n                                 │ Bearer token\n          ┌──────────────────────┼──────────────────────┐\n          ↓                      ↓                      ↓\n   evo-ai-crm-community  evo-ai-core-service   evo-ai-processor\n   (conversations,       (agents, tools,       (agent execution,\n    contacts)             API keys, folders)    sessions)\n```\n\nInter-service communication uses Bearer token authentication. Tokens issued by this service are forwarded between services — no `account-id` header required.\n\n---\n\n## Key Endpoints\n\n| Endpoint | Description |\n|---|---|\n| `POST /api/v1/auth/login` | User authentication (Bearer token) |\n| `GET /api/v1/auth/me` | Get current user info |\n| `POST /auth/sign_in` | Legacy DeviseTokenAuth |\n| `POST /api/v1/mfa/setup_totp` | Setup TOTP MFA |\n| `GET /oauth/authorize` | OAuth 2.0 authorization |\n| `POST /oauth/token` | OAuth 2.0 token exchange |\n| `GET /.well-known/oauth-authorization-server` | OAuth server metadata |\n\n---\n\n## Testing\n\n```bash\n# All tests\nbundle exec rspec\n\n# Specific file\nbundle exec rspec spec/models/user_spec.rb\n\n# With coverage\nCOVERAGE=true bundle exec rspec\n```\n\n---\n\n## Documentation\n\n| Resource | Link |\n|---|---|\n| Website | [evolutionfoundation.com.br](https://evolutionfoundation.com.br) |\n| Documentation | [docs.evolutionfoundation.com.br](https://docs.evolutionfoundation.com.br) |\n| Community | [evolutionfoundation.com.br/community](https://evolutionfoundation.com.br/community) |\n| Changelog | [CHANGELOG.md](./CHANGELOG.md) |\n| Contributing | [CONTRIBUTING.md](./CONTRIBUTING.md) |\n| Security | [SECURITY.md](./SECURITY.md) |\n\n---\n\n## Contributing\n\nContributions are welcome! Please read [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines on how to submit issues, propose features, and open pull requests.\n\nJoin our [community](https://evolutionfoundation.com.br/community) to discuss ideas and collaborate.\n\n---\n\n## Security\n\nFor security issues, **do not open a public issue**. Email **suporte@evofoundation.com.br** or use GitHub's private vulnerability reporting. See [SECURITY.md](./SECURITY.md) for details.\n\n---\n\n## Acknowledgments\n\nThis service builds on excellent open-source software:\n- [DeviseTokenAuth](https://github.com/lynndylanhurley/devise_token_auth) — JWT authentication\n- [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) — OAuth 2.0 provider\n- [ROTP](https://github.com/mdp/rotp) — TOTP implementation\n- [RSwag](https://github.com/rswag/rswag) — API documentation\n\n---\n\n## License\n\nEvo CRM Auth Service is licensed under the Apache License 2.0. See [LICENSE](./LICENSE) for details.\n\n## Trademarks\n\n\"Evolution Foundation\", \"Evolution\" and \"Evo CRM Auth Service\" are trademarks of Evolution Foundation. See [TRADEMARKS.md](./TRADEMARKS.md) for the brand assets policy.\n\nThird-party attributions are documented in [NOTICE](./NOTICE).\n\n---\n\n\u003cp align=\"center\"\u003e\n  Made by \u003ca href=\"https://evolutionfoundation.com.br\"\u003eEvolution Foundation\u003c/a\u003e · © 2026\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevolution-foundation%2Fevo-auth-service-community","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevolution-foundation%2Fevo-auth-service-community","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevolution-foundation%2Fevo-auth-service-community/lists"}