{"id":16640855,"url":"https://github.com/mcluseau/autentigo","last_synced_at":"2025-10-30T09:31:40.205Z","repository":{"id":57489910,"uuid":"138826502","full_name":"mcluseau/autentigo","owner":"mcluseau","description":"A simple JWT server trying to be compatible with common AuthN methods.","archived":false,"fork":false,"pushed_at":"2019-10-08T06:44:22.000Z","size":8161,"stargazers_count":10,"open_issues_count":4,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-06-20T05:21:31.743Z","etag":null,"topics":["authentication","golang","jwt","keystone","kubernetes-authentication"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mcluseau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-06-27T03:44:36.000Z","updated_at":"2024-06-20T05:21:31.744Z","dependencies_parsed_at":"2022-08-29T20:00:56.361Z","dependency_job_id":null,"html_url":"https://github.com/mcluseau/autentigo","commit_stats":null,"previous_names":["mcluseau/autorizo"],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcluseau%2Fautentigo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcluseau%2Fautentigo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcluseau%2Fautentigo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcluseau%2Fautentigo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mcluseau","download_url":"https://codeload.github.com/mcluseau/autentigo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219856466,"owners_count":16556082,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","golang","jwt","keystone","kubernetes-authentication"],"created_at":"2024-10-12T07:26:24.362Z","updated_at":"2025-10-30T09:31:39.784Z","avatar_url":"https://github.com/mcluseau.png","language":"Go","readme":"[![Go Report Card](https://goreportcard.com/badge/github.com/mcluseau/autentigo)](https://goreportcard.com/report/github.com/mcluseau/autentigo)\n\n## Running\n\n```\nopenssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout tls.key -out tls.crt -subj /CN=localhost\nexport TLS_CRT=\"$(\u003ctls.crt)\" TLS_KEY=\"$(\u003ctls.key)\"\nexport SIGNING_METHOD=RS256\nautentigo\n```\n\n### Request examples\n\nSimple authentication:\n```\n$ curl -H'Content-Type: application/json' localhost:8080/simple -d'{\"user\":\"test-user\",\"password\":\"test-password\"}' |jq .\n{\n  \"token\": \"\u003cTOKEN\u003e\",\n  \"claims\": {\n    \"exp\": 1531110508,\n    \"iat\": 1531106908,\n    \"sub\": \"test-user\",\n    \"display_name\": \"Display Name\",\n    \"email\": \"email@example.com\",\n    \"email_verified\": true,\n    \"groups\": [\n      \"group1\",\n      \"group2\"\n    ]\n  }\n  \"claims\":\n}\n```\n\nBasic authentication:\n```\n$ curl -i localhost:8080/basic\nHTTP/1.1 401 Unauthorized\nWww-Authenticate: Basic realm=\"Autorizo\"\nDate: Wed, 27 Jun 2018 06:50:59 GMT\nContent-Length: 14\nContent-Type: text/plain; charset=utf-8\n\nUnauthorized.\n```\n\n```\n$ curl --basic --user test-user:test-password localhost:8080/basic |jq .\n{\n  \"token\": \"\u003cTOKEN\u003e\",\n  \"claims\": {\n    \"exp\": 1531110508,\n    \"iat\": 1531106908,\n    \"sub\": \"test-user\",\n    \"display_name\": \"Display Name\",\n    \"email\": \"email@example.com\",\n    \"email_verified\": true,\n    \"groups\": [\n      \"group1\",\n      \"group2\"\n    ]\n  }\n}\n```\n\nBasic authentication, setting only a cookie (also supported on /simple):\n```\n$ curl --basic --user test-user:test-password localhost:8080/basic -H'X-Set-Cookie: token' -i\nHTTP/1.1 200 OK\nContent-Type: application/json\nSet-Cookie: token=\u003cTOKEN\u003e; HttpOnly; Secure\nDate: Thu, 28 Jun 2018 22:59:57 GMT\nContent-Length: 67\n\n{\n  \"exp\": 1530230397,\n  \"iat\": 1530226797,\n  \"sub\": \"test-user\",\n  ...\n }\n```\n\n### Flags\n\n```\nautentigo --help\n```\n\n### Environment\n\n| Variable         | Description\n| ---------------- | ------------------------------------------------\n| `TLS_CRT`        | The certificate to check tokens\n| `TLS_KEY`        | The key to sign tokens\n| `SIGNING_METHOD` | The signing method to use (https://tools.ietf.org/html/rfc7518#section-3.1)\n| `AUTH_BACKEND`   | choose an authentication backend (default: stupid)\n\n### Auth backends\n\n#### stupid\n\nAlways accept the given credentials.\n\n#### file\n\nReads a file, defined by the `AUTH_FILE` env, in the format:\n\n```\n\u003cuser name\u003e:\u003cpassword SHA256 (hex)\u003e:email:email_validated:groups\n```\n\nOnly user and password are required.\n\nAdding an entry can be done this way:\n```\necho test-user:$(echo -n test-password |sha256sum |awk '{print $1}'):Display Name:email@example.com:yes:group1,group2 \u003e\u003eusers\n```\n\n#### LDAP simple bind\n\nTries to bind to an LDAP server, defined by the `LDAP_SERVER` env, with the given credentials and using `LDAP_USER`\nas a username template.\n\nExample:\n```\nAUTH_BACKEND=ldap-bind \\\nLDAP_SERVER=ldap://localhost:389 \\\nLDAP_USER=uid=%s,ou=users,dc=example,dc=com \\\nautentigo\n```\n\n#### etcd lookup\n\nLooks up the user in etcd, with a key like `prefix/user-name`. Takes an optionnal `ETCD_TIMEOUT` to change the lookup timeout.\n\nExample:\n```sh\nAUTH_BACKEND=etcd \\\nETCD_ENDPOINTS=http://localhost:2379 \\\nETCD_PREFIX=/users \\\nautentigo\n```\n\nAllowed extra claims in the etcd object:\n```json\n{\n    \"password_hash\": \"\u003cpassword sha256, hex encoded)\u003e\",\n    \"groups\": [ \"app1-admin\", \"app2-reader\" ],\n    \"display_name\": \"Display Name\",\n    \"email\": \"user@host\",\n    \"email_verified\": true\n}\n```\n\n#### SQL database lookup\n\nLooks up the user in the SQL database.\n\nExample:\n```sh\nAUTH_BACKEND=sql \\\nSQL_DRIVER=postgres\\\nSQL_DSN=\"user=postgres password=postgres host=localhost dbname=postgres sslmode=disable\"\\\nSQL_USER_TABLE=users \\\nautentigo\n```\n\nAllowed extra claims in the object:\n```json\n{\n    \"password_hash\": \"\u003cpassword sha256, hex encoded)\u003e\",\n    \"groups\": [ \"app1-admin\", \"app2-reader\" ],\n    \"display_name\": \"Display Name\",\n    \"email\": \"user@host\",\n    \"email_verified\": true\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcluseau%2Fautentigo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmcluseau%2Fautentigo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcluseau%2Fautentigo/lists"}