{"id":20610527,"url":"https://github.com/reugn/auth-server","last_synced_at":"2025-04-15T04:32:19.724Z","repository":{"id":57602158,"uuid":"261574420","full_name":"reugn/auth-server","owner":"reugn","description":"Simple authentication and authorization service","archived":false,"fork":false,"pushed_at":"2024-02-24T10:51:33.000Z","size":156,"stargazers_count":76,"open_issues_count":0,"forks_count":7,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-12T02:51:17.611Z","etag":null,"topics":["auth","authentication","authentication-middleware","authorization","identity","identity-server","oauth2","oauth2-server","proxy-middleware","self-hosted","selfhosted"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/reugn/auth-server","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reugn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-05T20:19:10.000Z","updated_at":"2025-02-13T16:39:27.000Z","dependencies_parsed_at":"2024-06-19T00:22:48.095Z","dependency_job_id":"ff3a3016-43e3-4ddf-a514-ad0275f8182b","html_url":"https://github.com/reugn/auth-server","commit_stats":null,"previous_names":["reugn/auth_server"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reugn%2Fauth-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reugn%2Fauth-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reugn%2Fauth-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reugn%2Fauth-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reugn","download_url":"https://codeload.github.com/reugn/auth-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249006570,"owners_count":21197299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","authentication-middleware","authorization","identity","identity-server","oauth2","oauth2-server","proxy-middleware","self-hosted","selfhosted"],"created_at":"2024-11-16T10:17:06.017Z","updated_at":"2025-04-15T04:32:19.705Z","avatar_url":"https://github.com/reugn.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# auth-server\n[![Build](https://github.com/reugn/auth-server/actions/workflows/build.yml/badge.svg)](https://github.com/reugn/auth-server/actions/workflows/build.yml)\n[![PkgGoDev](https://pkg.go.dev/badge/github.com/reugn/auth-server)](https://pkg.go.dev/github.com/reugn/auth-server)\n[![Go Report Card](https://goreportcard.com/badge/github.com/reugn/auth-server)](https://goreportcard.com/report/github.com/reugn/auth-server)\n\nThis project offers a toolkit for building and configuring a tailored authentication and authorization service.\n\n`auth-server` can act as a proxy middleware or be configured in a stand-alone mode. It doesn't require any third-party software integration.\nLeverage existing backend [storage repositories](internal/repository) for storing security policies or develop a custom one to suit your specific requirements.\nFor information on how to configure repositories using environment variables, refer to the [repository configuration](docs/repository_configuration.md) page.\n\n\u003e [!NOTE] \n\u003e This project's security has not been thoroughly evaluated. Proceed with caution when setting up your own auth provider.\n\n## Introduction\n* **Authentication** is used by a server when the server needs to know exactly who is accessing their information or site.\n* **Authorization** is a process by which a server determines if the client has permission to use a resource or access a file.\n\nThe inherent complexity of crafting an authentication and authorization strategy raises a barrage of immediate questions:\n\n* Would it be beneficial to utilize separate services for authentication and authorization purposes?\n* What is the process for creating access tokens, and who is tasked with this responsibility?\n* Is it necessary to adapt our REST service to support an authorization flow?\n\nThe `auth-server` project aims to address these concerns by serving as a transparent authentication and authorization proxy middleware.\n\n## Architecture\n![architecture_diagram](docs/images/architecture_diagram_1.png)\n\n1. The user requests an access token (JWT), using a basic authentication header:\n    ```\n    GET /token HTTP/1.1\n    Host: localhost:8081\n    Authorization: Basic YWRtaW46MTIzNA==\n    ```\n\n2. The proxy server routes this request to `auth-server` to issue a token.  \n    Response body:  \n    `{\"access_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1ODg5MzMyNTIsImlhdCI6MTU4ODkyOTY1MiwidXNlciI6ImFkbWluIiwicm9sZSI6MX0.LUx9EYsfBZGwbEsofBTT_5Lo3Y_3lk7T8pWLv3bw-XKVOqb_GhaRkVE90QR_sI-bWTkYCFIG9cPYmMXzmPLyjbofgsqTOzH6OaXi3IqxwZRtRGFtuqMoqXkakX5n38mvI3XkIOwFkNosHrpMtIq-HdqB3tfiDJc3YMsYfPbqyRBnBYJu2K51NslGQSiqKSnS_4KeLeaqqdpC7Zdb9Fo-r7EMn3FFuyPEab1iBsrcUYG3qnsKkvDhaq_jEGHflao7dEPEWaiGvJywXWaKR6XyyGtVx0H-OPfgvh1vUCLUUci2K3xE-IxjfRrHx3dSzdqFgJq_n4bVXpO9iNVYOZLccQ\",\"token_type\":\"Bearer\",\"expires_in\":3600000}`\n\n3. The user sends an authenticated request to the proxy server:\n    ```\n    GET /foo HTTP/1.1\n    Host: localhost:8081\n    Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1ODg5MzMyNTIsImlhdCI6MTU4ODkyOTY1MiwidXNlciI6ImFkbWluIiwicm9sZSI6MX0.LUx9EYsfBZGwbEsofBTT_5Lo3Y_3lk7T8pWLv3bw-XKVOqb_GhaRkVE90QR_sI-bWTkYCFIG9cPYmMXzmPLyjbofgsqTOzH6OaXi3IqxwZRtRGFtuqMoqXkakX5n38mvI3XkIOwFkNosHrpMtIq-HdqB3tfiDJc3YMsYfPbqyRBnBYJu2K51NslGQSiqKSnS_4KeLeaqqdpC7Zdb9Fo-r7EMn3FFuyPEab1iBsrcUYG3qnsKkvDhaq_jEGHflao7dEPEWaiGvJywXWaKR6XyyGtVx0H-OPfgvh1vUCLUUci2K3xE-IxjfRrHx3dSzdqFgJq_n4bVXpO9iNVYOZLccQ\n    ```\n\n4. Proxy invokes `auth-server` as an authentication/authorization middleware. In case the token was successfully authenticated/authorized, the request will be routed to the target service. Otherwise, an auth error code will be returned to the client.\n\n## Installation and Prerequisites\n* `auth-server` is written in Golang.\nTo install the latest stable version of Go, visit the [releases page](https://golang.org/dl/).\n\n* Read the following [instructions](./secrets/README.md) to generate keys required to sign the token. Specify the location of the generated certificates in the service configuration file. An example of the configuration file can be found [here](config/service_config.yml).\n\n* The following example shows how to run the service using a configuration file:\n    ```\n    ./auth -c service_config.yml\n    ```\n\n* To run the project using Docker, visit their [page](https://www.docker.com/get-started) to get started. Docker images are available under the [GitHub Packages](https://github.com/reugn/auth-server/packages).\n\n* Install `docker-compose` to get started with the examples.\n\n## Examples\nExamples are available under the [examples](examples) folder.\n\nTo run `auth-server` as a [Traefik](https://docs.traefik.io/) middleware:\n```\ncd examples/traefik\ndocker-compose up -d\n```\n\n## License\nLicensed under the Apache 2.0 License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freugn%2Fauth-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freugn%2Fauth-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freugn%2Fauth-server/lists"}