{"id":16099808,"url":"https://github.com/nymann/authix","last_synced_at":"2026-01-20T04:32:24.352Z","repository":{"id":57768642,"uuid":"525567155","full_name":"nymann/authix","owner":"nymann","description":"Authentication as a microservice","archived":false,"fork":false,"pushed_at":"2024-02-15T22:56:15.000Z","size":106,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-06T08:09:28.981Z","etag":null,"topics":["authentication","jwt","microservice"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nymann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-16T22:57:41.000Z","updated_at":"2022-10-05T17:25:26.000Z","dependencies_parsed_at":"2024-10-27T17:25:35.839Z","dependency_job_id":"58829027-8353-4fe3-8bcf-39110b7f12d2","html_url":"https://github.com/nymann/authix","commit_stats":{"total_commits":32,"total_committers":1,"mean_commits":32.0,"dds":0.0,"last_synced_commit":"4e7a472948f9110b8d939b9846facf2a58318988"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nymann%2Fauthix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nymann%2Fauthix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nymann%2Fauthix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nymann%2Fauthix/manifests","owner_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/owners/nymann","download_url":"https://codeload.github.com/nymann/authix/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247694893,"owners_count":20980731,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","jwt","microservice"],"created_at":"2024-10-09T18:44:17.187Z","updated_at":"2026-01-20T04:32:24.344Z","avatar_url":"https://github.com/nymann.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Authix: Scalable Authentication Service\n\nWelcome to **Authix**, an authentication service designed based on a [talk by\nBrian Pontarelli](https://www.youtube.com/watch?v=SLc3cTlypwM).\n\nAuthix provides a comprehensive solution for user authentication, built on the\nprinciples of JWT (pronounced 'jot') and refresh tokens.\n\n## How do I run this?\n\n```yml\nversion: \"3.8\"\n\nservices:\n  authix:\n    image: nymann/authix:latest\n    networks:\n      - authix\n    environment:\n      - AUTH_TITLE=\"Auth Service\"\n      - KEY_FOLDER=\"keys\"\n      - LOG_LEVEL=DEBUG\n      - MONGODB_URL=\"mongodb://authix:test123@user_mongodb:27017\"\n      - PASSWORD__MAX_LENGTH=128\n      - PASSWORD__MIN_LENGTH=12\n      - PASSWORD__MIN_DIGITS=1\n      - PASSWORD__MIN_LOWERCASE_CHARS=1\n      - PASSWORD__MIN_SPECIAL_CHARS=1\n      - PASSWORD__MIN_UPPERCASE_CHARS=1\n      - PASSWORD__SYMBOLS='!@#$%^\u0026*()[]-_=+{}\\|\";:\u003c\u003e,.'\n      - REFRESH_REDIS=\"redis://:test123@refresh_redis:6379\"\n  refresh_redis:\n    container_name: 
refresh_redis\n    build:\n      context: docker\n      dockerfile: redis.Dockerfile\n    networks:\n      - authix\n    volumes:\n      - ./docker/redis.conf:/usr/local/etc/redis/redis.conf\n      - /tmp/refresh_redis_data:/data\n  user_mongodb:\n    image: mongo:latest\n    container_name: user_mongodb\n    networks:\n      - authix\n    environment:\n      MONGO_INITDB_ROOT_USERNAME: authix\n      MONGO_INITDB_ROOT_PASSWORD: test123\n    volumes:\n      - /tmp/authix_mongo_db:/data/db\n```\n\n## Key Features\n\n1. **User Registration**: Users can sign up using their email and password.\n   Users are stored in MongoDB.\n\n2. **User Login**: Upon successful login, users receive:\n\n   - A JWT access token in the Authorization header for immediate access.\n   - A longer-lived refresh token as an HTTP cookie for extended sessions.\n\n3. **Access Token Management**: Generate new JWT access tokens using the\n   provided refresh token, ensuring seamless user experiences.\n\n4. **Public Key**: Services can verify JWTs independently using the public key,\n   thereby reducing inter-service network calls.\n\n5. **Secure Logout**: Users are logged out by deleting their refresh token from\n   storage, which removes the ability to create new access tokens.\n   Authix also notifies all connected services via Kafka to reject JWTs that\n   were issued to the logged-out user before the logout.\n\n6. 
**Token Lifespan**:\n   - JWT access tokens are valid for 5 minutes.\n   - Refresh tokens, stored in Redis, last for 4 weeks.\n\n## Diagrams\n\n### User Perspective\n\n```mermaid\ngraph TB\n  A[\"User\"] -- \"Register\" --\u003e B[\"/register\"]\n  A -- \"Login\" --\u003e C[\"/login\"]\n  C -- \"JWT \u0026 Refresh Token\" --\u003e A\n  A -- \"Use Refresh Token\" --\u003e D[\"/access_token\"]\n  D -- \"New JWT\" --\u003e A\n  A -- \"Logout\" --\u003e E[\"/logout\"]\n```\n\n### Service Perspective\n\n```mermaid\ngraph TB\n  S[\"Service\"] -- \"Retrieve Public Key\" --\u003e PK[\"/public_key\"]\n  S -- \"Verify JWT\" --\u003e V[\"Verify JWT using Public Key\"]\n  S -- \"Handle Logout Broadcast\" --\u003e L[\"Reject soon-to-expire JWTs\"]\n```\n\n## Performance\n\nOn a single computer, running Authix via uvicorn with 16 workers, expect:\n\nCreate 1K users.\n\n```\n1000 /register\n\n2.97 seconds\n```\n\nCreate 1K users and log in each user.\n\n```\n1000 /register\n1000 /login\n\n6.28 seconds\n```\n\nCreate 10 users and, for each user, log in and call `/access_token` 1K times.\n\n```\n10 /register\n10 /login\n10000 /access_token\n\n3.43 seconds\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnymann%2Fauthix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnymann%2Fauthix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnymann%2Fauthix/lists"}