{"id":37141961,"url":"https://github.com/gobricks/facecontrol","last_synced_at":"2026-01-14T16:39:49.050Z","repository":{"id":57565213,"uuid":"58858966","full_name":"gobricks/facecontrol","owner":"gobricks","description":"Simple authentication, single sign-on and (optinal) authorization solution.","archived":false,"fork":false,"pushed_at":"2017-08-15T12:05:51.000Z","size":31,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-06-20T10:18:08.786Z","etag":null,"topics":["authentication","authorization","golang","jwt","sso"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gobricks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-15T11:51:58.000Z","updated_at":"2022-10-07T04:30:22.000Z","dependencies_parsed_at":"2022-08-23T12:11:32.877Z","dependency_job_id":null,"html_url":"https://github.com/gobricks/facecontrol","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/gobricks/facecontrol","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobricks%2Ffacecontrol","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobricks%2Ffacecontrol/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobricks%2Ffacecontrol/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobricks%2Ffacecontrol/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gobricks","download_url":"https://codeload.github.com/gobricks/facecontrol/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gobricks%2Ffacecontrol/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28426119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:32:27.303Z","status":"ssl_error","status_checked_at":"2026-01-14T16:28:36.419Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","golang","jwt","sso"],"created_at":"2026-01-14T16:39:48.282Z","updated_at":"2026-01-14T16:39:49.033Z","avatar_url":"https://github.com/gobricks.png","language":"Go","readme":"[![Build Status](https://travis-ci.org/gobricks/facecontrol.svg?branch=master)](https://travis-ci.org/gobricks/facecontrol)\n[![Go Report Card](https://goreportcard.com/badge/github.com/gobricks/facecontrol)](https://goreportcard.com/report/github.com/gobricks/facecontrol)\n\n\n# Facecontrol\n\nSimple authentication, single sign-on and (optional) authorization solution.\n\n# Basic example\n\n``` go\npackage main\n\nimport (\n    \"time\"\n    \"errors\"\n    \"net/http\"\n\n    \"github.com/gobricks/facecontrol\"\n)\n\ntype MyUser struct {\n    Login string    `json:\"login\"`\n    FullName string `json:\"fullname\"`\n    IsAdmin bool    `json:\"is_admin\"`\n    CanEdit []string `json:\"can_edit\"`\n}\n\nfunc main() {\n    fc, _ := facecontrol.New(facecontrol.Config{\n        RunAt: \":8080\",\n        JwtSecret: \"OpenSesame\",\n        JwtTTL: 24 * time.Hour,\n        Validator: findUser,\n    })\n    \n    fc.Run()\n}\n\nfunc findUser(r *http.Request) (facecontrol.Payload, error) {\n    login := r.URL.Query().Get(\"login\")\n    password := r.URL.Query().Get(\"password\")\n\n    if login != \"admin\" \u0026\u0026 password != \"12345\" {\n        return nil, errors.New(\"Invalid credentials\")\n    }\n\n    return MyUser{\n        Login: \"admin\",\n        FullName: \"Johnny Mnemonic\",\n        IsAdmin: true,\n        CanEdit: []string{\"posts\", \"comments\"},\n    }, nil\n}\n```\n\n# Configuration\n\nUse `facecontrol.Config` struct to customize Facecontrol behavior. Available fields are:\n\n``` go\nRunAt     string // defines address of running facecontrol instance. Example: \"127.0.0.1:6000\". Required\nEnableSSL bool   // forces facecontrol to run in HTTPS mode\nSSLCert   string // path to corresponding SSL file. Required if EnableSSL is true\nSSLKey    string // path to corresponding SSL file. Required if EnableSSL is true\nJwtSecret string // will be used to sign auth tokens. Required\nJwtTTL    time.Duration // token expiration time\nValidator CredentialsValidator // user define credentials validation function\n```\n\n# Validator function\n\nA function with signature of `func(*http.Request) (facecontrol.Payload, error)` can be passed to `facecontrol.Config`.\nIf so every incoming HTTP request for token issuing will be passed to this function.\nYou can use this function to find user in your database or any other credential storage.\nIf given function return non-nil error user will be declined from acquiring token.\n\n# Token issuing and validation\n\nAfter calling ```facecontrol.Run()``` a web server will startup, allowing you to call two URLs:\n* ```GET /issue``` - for token issuing\n* ```GET /validate``` - for validating previously issued token\n\n**Token validation example**:\n\n```curl -X POST -F \"login=admin\" -F \"password=d41d8cd98f00b204e9800998ecf8427e\" \"http://127.0.0.1:6000/issue\"```\n\nReturns:\n\n```\neyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NjU5MTI3NjksInVpZCI6ImdvYnJpY2tzIn0.ITqJ1uMdNZXb9XfqbNVF-qy7hVTnPr5ZUk3SHf77y6MDb6_nBCxXN01Fo5M3jxP9o5DnCYV3Ic4OnIybb9qs1\n```\n\n**Token validation example**:\n\n```curl -X GET -H \"Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0ODYzMjAwODYsImlzcyI6ImZhY2Vjb250cm9sIn0.dZB-v4fx2x155YarTze17sQsq1HRpz0rYdIxF3hUG469-0l3N1RzE9ES1MFz8kPSWLaKUvXBAqXXDEEmNEb-DA\" \"http://127.0.0.1:6000/validate\"```\n\nReturns:\n\n``` json\n{\n  \"iat\": 1486320086,\n  \"iss\": \"facecontrol\",\n  \"data\": {\n      \"login\": \"admin\",\n      \"is_admin\": true\n  }\n}\n```\n\n# How it fits into your infastructure\n![How it works](http://i.imgur.com/Cn2ImqX.jpg)\n\n# How to achieve single sign-on\n\nJust make session cookie available to any service hosted on your domain (e.g. *.mysite.com).\n\n# How to achieve authorization\n\nYou can pass user priveleges into token payload using `Validator` function.\nAll your services will get this priveleges back after user authentication.\nSee basic example.\n\nUpon receiving user data from facecontrol your service can check if user can perform certain action based on available priveleges. \n\n# Important security notices\n\n* It is highly recomended to use HTTPS for any facecontrol communications.\n* You must never save into or pass to facecontrol user password in plain text. Use hashed version of password instead.\n* Do not share JWT secret with any other services. It is ment to be unknown for everyone except facecontrol service.\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgobricks%2Ffacecontrol","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgobricks%2Ffacecontrol","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgobricks%2Ffacecontrol/lists"}