{"id":26666810,"url":"https://github.com/tarent/loginsrv","last_synced_at":"2025-03-25T19:01:03.883Z","repository":{"id":45976050,"uuid":"73474882","full_name":"qvest-digital/loginsrv","owner":"qvest-digital","description":"JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..","archived":false,"fork":false,"pushed_at":"2021-02-27T06:20:06.000Z","size":549,"stargazers_count":1925,"open_issues_count":28,"forks_count":147,"subscribers_count":49,"default_branch":"master","last_synced_at":"2025-03-25T11:00:48.711Z","etag":null,"topics":["caddy","caddyserver","github","golang","htpasswd","jwt","login","oauth2","service"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qvest-digital.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-11T12:11:21.000Z","updated_at":"2025-03-07T12:08:40.000Z","dependencies_parsed_at":"2022-07-18T08:13:16.929Z","dependency_job_id":null,"html_url":"https://github.com/qvest-digital/loginsrv","commit_stats":null,"previous_names":["qvest-digital/loginsrv","tarent/loginsrv"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qvest-digital%2Floginsrv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qvest-digital%2Floginsrv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qvest-digital%2Floginsrv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qvest-digital%2Floginsrv/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/qvest-digital","download_url":"https://codeload.github.com/qvest-digital/loginsrv/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245526458,"owners_count":20629835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","caddyserver","github","golang","htpasswd","jwt","login","oauth2","service"],"created_at":"2025-03-25T19:00:38.134Z","updated_at":"2025-03-25T19:01:03.831Z","avatar_url":"https://github.com/qvest-digital.png","language":"Go","readme":"# loginsrv\n\nloginsrv is a standalone minimalistic login server providing a [JWT](https://jwt.io/) login for multiple login backends.\n\n[![Docker](https://img.shields.io/docker/pulls/tarent/loginsrv.svg)](https://hub.docker.com/r/tarent/loginsrv/)\n[![Build Status](https://github.com/tarent/loginsrv/workflows/test/badge.svg)](https://github.com/tarent/loginsrv/actions)\n[![Go Report Card](https://goreportcard.com/badge/github.com/tarent/loginsrv)](https://goreportcard.com/report/github.com/tarent/loginsrv)\n[![Coverage Status](https://coveralls.io/repos/github/tarent/loginsrv/badge.svg?branch=master)](https://coveralls.io/github/tarent/loginsrv?branch=master)\n[![Join the chat at https://gitter.im/tarent/loginsrv](https://badges.gitter.im/tarent/loginsrv.svg)](https://gitter.im/tarent/loginsrv?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n\n__** Attention: Update to v1.3.0 for Google Login Update !!!! **__\n\nGoogle will stop support for the Google+ APIs. 
So we changed loginsrv to use the standard OAuth endpoints for Google login.\nPlease update loginsrv to v1.3.0 if you are using Google login.\n\n__** Attention: Since v1.3.0, pure HTTP is not supported by default **__\n\nSince v1.3.0, loginsrv sets the secure flag on the login cookie. So, if you use HTTP to connect with the browser, e.g. for testing, your browser will ignore the cookie.\nUse the flag `-cookie-secure=false` when testing without HTTPS.\n\n## Abstract\n\nLoginsrv provides a minimal endpoint for authentication. The login is performed against the configured providers and the result is returned as a JSON Web Token (JWT).\nIt can be used as:\n\n* Standalone microservice\n* Docker container\n* Golang library\n* [Caddy](http://caddyserver.com/) plugin. (See [caddy/README.md](./caddy/README.md) for details)\n\n![](.screenshot.png)\n\n## Supported Provider Backends\nThe following providers (login backends) are supported.\n\n* [Htpasswd](#htpasswd)\n* [OSIAM](#osiam)\n* [Simple](#simple) (user/password pairs by configuration)\n* [Httpupstream](#httpupstream)\n* [OAuth2](#oauth2)\n  * GitHub login\n  * Google login\n  * Bitbucket login\n  * Facebook login\n  * Gitlab login\n\n## Questions\n\nFor questions and support please use the [Gitter chat room](https://gitter.im/tarent/loginsrv).\n\n[![Join the chat at https://gitter.im/tarent/loginsrv](https://badges.gitter.im/tarent/loginsrv.svg)](https://gitter.im/tarent/loginsrv?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n## Configuration and Startup\n### Config Options\n\n_Note for Caddy users_: Not all parameters are available in Caddy. See the table for details. With Caddy, the parameter names can also be used with `_` in the names, e.g. 
`cookie_http_only`.\n\n| Parameter                   | Type        | Default      | Caddy | Description                                                                                           |\n|-----------------------------|-------------|--------------|-------|-------------------------------------------------------------------------------------------------------|\n| -cookie-domain              | string      |              | X     | Optional domain parameter for the cookie                                                              |\n| -cookie-expiry              | string      | session      | X     | Expiry duration for the cookie, e.g. 2h or 3h30m                                                      |\n| -cookie-http-only           | boolean     | true         | X     | Set the cookie with the HTTP only flag                                                                |\n| -cookie-name                | string      | \"jwt_token\"  | X     | Name of the JWT cookie                                                                                |\n| -cookie-secure              | boolean     | true         | X     | Set the secure flag on the JWT cookie. (Set this to false for plain HTTP support)                     |\n| -github                     | value       |              | X     | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..]                  |\n| -google                     | value       |              | X     | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..]                  |\n| -bitbucket                  | value       |              | X     | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..]                  |\n| -facebook                   | value       |              | X     | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..]                  
|\n| -gitlab                     | value       |              | X     | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..]                  |\n| -host                       | string      | \"localhost\"  | -     | Host to listen on                                                                                     |\n| -htpasswd                   | value       |              | X     | Htpasswd login backend opts: file=/path/to/pwdfile                                                    |\n| -jwt-expiry                 | go duration | 24h          | X     | Expiry duration for the JWT token, e.g. 2h or 3h30m                                                   |\n| -jwt-secret                 | string      | \"random key\" | X     | Secret used to sign the JWT token. (See [caddy/README.md](./caddy/README.md) for details.)            |\n| -jwt-secret-file            | string      |              | X     | File to load the jwt-secret from, e.g. `/run/secrets/some.key`. **Takes precedence over jwt-secret!** |\n| -jwt-algo                   | string      | \"HS512\"      | X     | Signing algorithm to use (ES256, ES384, ES512, RS256, RS384, RS512, HS256, HS384, HS512)              |\n| -log-level                  | string      | \"info\"       | -     | Log level                                                                                             |\n| -login-path                 | string      | \"/login\"     | X     | Path of the login resource                                                                            |\n| -logout-url                 | string      |              | X     | URL or path to redirect to after logout                                                               |\n| -osiam                      | value       |              | X     | OSIAM login backend opts: endpoint=..,client_id=..,client_secret=..                                   
|\n| -port                       | string      | \"6789\"       | -     | Port to listen on                                                                                     |\n| -redirect                   | boolean     | true         | X     | Allow dynamic overwriting of the success URL by query parameter                                       |\n| -redirect-query-parameter   | string      | \"backTo\"     | X     | URL parameter for the redirect target                                                                 |\n| -redirect-check-referer     | boolean     | true         | X     | Check the referer header to ensure it matches the host header on dynamic redirects                    |\n| -redirect-host-file         | string      | \"\"           | X     | A file containing a list of domains that redirects are allowed to, one domain per line                |\n| -simple                     | value       |              | X     | Simple login backend opts: user1=password,user2=password,..                                           |\n| -success-url                | string      | \"/\"          | X     | URL to redirect to after login                                                                        |\n| -template                   | string      |              | X     | An alternative template for the login form                                                            |\n| -text-logging               | boolean     | true         | -     | Log in text format instead of JSON                                                                    |\n| -jwt-refreshes              | int         | 0            | X     | The maximum number of JWT refreshes                                                                   |\n| -grace-period               | go duration | 5s           | -     | Duration to wait after SIGINT/SIGTERM for existing requests. No new requests are accepted.            
|\n| -user-file                  | string      |              | X     | A YAML file with user specific data for the tokens. (see below for an example)                        |\n| -user-endpoint              | string      |              | X     | URL of an endpoint providing user specific data for the tokens. (see below for an example)            |\n| -user-endpoint-token        | string      |              | X     | Authentication token used when communicating with the user endpoint                                   |\n| -user-endpoint-timeout      | go duration | 5s           | X     | Timeout used when communicating with the user endpoint                                                |\n\n### Environment Variables\nAll of the above config options can also be set as environment variables named `LOGINSRV_OPTION_NAME`.\nSo e.g. `jwt-secret` can be set by the environment variable `LOGINSRV_JWT_SECRET`.\n\n### Startup Examples\nThe simplest way to use loginsrv is via the provided Docker container.\nE.g. 
configured with the simple provider:\n```sh\n$ docker run -d -p 8080:8080 tarent/loginsrv -cookie-secure=false -jwt-secret my_secret -simple bob=secret\n\n$ curl --data \"username=bob\u0026password=secret\" 127.0.0.1:8080/login\neyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.uWoJkSXTLA_RvfLKe12pb4CyxQNxe5_Ovw-N5wfQwkzXz2enbhA9JZf8MmTp9n-TTDcWdY3Fd1SA72_M20G9lQ\n```\n\nThe same configuration could be written with environment variables this way:\n```sh\n$ docker run -d -p 8080:8080 -e LOGINSRV_COOKIE_SECURE=false -e LOGINSRV_JWT_SECRET=my_secret -e LOGINSRV_BACKEND=provider=simple,bob=secret tarent/loginsrv\n```\n\n## API\n\n### GET /login\n\nBy default, it returns a simple bootstrap styled login form for unauthenticated requests and a page with user info for authenticated requests.\nWhen the request accepts JSON output, the JSON content of the token is returned to authenticated requests.\n\nThe returned HTML follows the UI composition conventions from [lib-compose](https://github.com/tarent/lib-compose),\nso it can be embedded into an existing layout.\n\n| Parameter-Type    | Parameter                                        | Description                                                       |              |\n| ------------------|--------------------------------------------------|-------------------------------------------------------------------|--------------|\n| Http-Header       | Accept: text/html                                | Return the login form or user html.                               | default      |\n| Http-Header       | Accept: application/json                         | Return the user object as JSON, or 403 if not authenticated.      |              |\n\n### GET /login/\u003cprovider\u003e\n\nStarts the OAuth Web Flow with the configured provider. E.g. `GET /login/github` redirects to the GitHub login form.\n\n### POST /login\n\nPerforms the login and returns the JWT. 
Depending on the content-type and parameters, either a classical JSON REST response or a redirect is performed.\n\n#### Runtime Parameters\n\n| Parameter-Type    | Parameter                                        | Description                                                       |              |\n| ------------------|--------------------------------------------------|-------------------------------------------------------------------|--------------|\n| Http-Header       | Accept: text/html                                | Set the JWT as a cookie named 'jwt_token'                         | default      |\n| Http-Header       | Accept: application/jwt                          | Returns the JWT within the body. No cookie is set                 |              |\n| Http-Header       | Content-Type: application/x-www-form-urlencoded  | Expect the credentials as form encoded parameters                 | default      |\n| Http-Header       | Content-Type: application/json                   | Take the credentials from the provided JSON object                |              |\n| Post-Parameter    | username                                         | The username                                                      |              |\n| Post-Parameter    | password                                         | The password                                                      |              |\n| Get or Post       | backTo                                           | Dynamic redirect target after login (see [Redirects](#redirects)) | -success-url |\n\n#### Possible Return Codes\n\n| Code | Meaning               | Description                                                                                                               |\n|------| ----------------------|---------------------------------------------------------------------------------------------------------------------------|\n| 200  | OK                    | Successfully authenticated                                                 
                                               |\n| 403  | Forbidden             | The credentials are wrong                                                                                                 |\n| 400  | Bad Request           | Missing parameters                                                                                                        |\n| 500  | Internal Server Error | Internal error, e.g. the login provider is not available or failed                                                        |\n| 303  | See Other             | Sets the JWT as a cookie if the login succeeds and redirects to the URL provided in `redirectSuccess` or `redirectError`  |\n\nHint: The status `401 Unauthorized` is not used as a return code, so that it does not conflict with HTTP Basic authentication.\n\n#### JWT-Refresh\n\nIf the POST parameters for username and password are missing and a valid JWT cookie is part of the request, then the JWT cookie is refreshed.\nThis only happens if the jwt-refreshes config option is set to a value greater than 0. 
\n\n### DELETE /login\n\nDeletes the JWT cookie.\n\nFor simple usage in web applications, this can also be called by `GET|POST /login?logout=true`\n\n### API Examples\n\n#### Example:\nDefault is to return the token as Content-Type application/jwt within the body.\n```sh\ncurl -i --data \"username=bob\u0026password=secret\" http://127.0.0.1:6789/login\nHTTP/1.1 200 OK\nContent-Type: application/jwt\nDate: Mon, 14 Nov 2016 21:35:42 GMT\nContent-Length: 100\n\neyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.-51G5JQmpJleARHp8rIljBczPFanWT93d_N_7LQGUXU\n```\n\n#### Example: Credentials as JSON\nThe credentials can also be sent JSON encoded.\n```sh\ncurl -i -H 'Content-Type: application/json'  --data '{\"username\": \"bob\", \"password\": \"secret\"}' http://127.0.0.1:6789/login\nHTTP/1.1 200 OK\nContent-Type: application/jwt\nDate: Mon, 14 Nov 2016 21:35:42 GMT\nContent-Length: 100\n\neyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.-51G5JQmpJleARHp8rIljBczPFanWT93d_N_7LQGUXU\n```\n\n#### Example: web based flow with 'Accept: text/html'\nSets the JWT as a cookie and redirects to a web page.\n```sh\ncurl -i -H 'Accept: text/html' --data \"username=bob\u0026password=secret\" http://127.0.0.1:6789/login\nHTTP/1.1 303 See Other\nLocation: /\nSet-Cookie: jwt_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.-51G5JQmpJleARHp8rIljBczPFanWT93d_N_7LQGUXU; HttpOnly\n```\n\n#### Example: AJAX call with JQuery to fetch a JWT token and create a cookie from it\nCreates a cookie from a successful API call to login.\n```js\n$.ajax({\n\turl: \"http://localhost:8080/login\",\n\ttype: 'POST',\n\tdataType: 'text',\n\tcontentType: 'application/json',\n\tdata: JSON.stringify( { \n\t\t'username': 'demo', \n\t\t'password': 'demo'\n\t}),\n\tsuccess: function(data) {\n\t\tdocument.cookie = \"jwt_token=\" + data + \";path=/\";\n\t},\n\terror: function (xhr, ajaxOptions, thrownError) {\n\t}\n});\n```\nMake sure your main page has JQuery:\n```html\n\u003cscript 
src=\"https://code.jquery.com/jquery-3.3.1.min.js\"\u003e\u003c/script\u003e\n```\n\n### Redirects\n\nThe API has support for a redirect query parameter, e.g. `?backTo=/dynamic/return/path`. For security reasons, the default behaviour is very restrictive:\n\n* Only local redirects (same host) are allowed.\n* The `Referer` header is checked to ensure that the call to the login page came from the same page.\n\nThese restrictions are there to protect you from unchecked (open) redirect attacks, e.g. phishing or login attacks.\nIf you know what you are doing, you can disable the `Referer` check with `--redirect-check-referer=false` and provide a whitelist file\nfor allowed external domains with `--redirect-host-file=/some/domains.txt`.\n\n## The JWT Token\nDepending on the provider, the token may look as follows:\n```json\n{\n  \"sub\": \"smancke\",\n  \"picture\": \"https://avatars2.githubusercontent.com/u/4291379?v=3\",\n  \"name\": \"Sebastian Mancke\",\n  \"email\": \"s.mancke@tarent.de\",\n  \"origin\": \"github\"\n}\n```\n\n## Provider Backends\n\n### Htpasswd\nAuthentication against an htpasswd file. MD5, SHA1 and Bcrypt are supported, but we recommend using only Bcrypt for security reasons (e.g. `htpasswd -B -C 15`).\n\nParameters for the provider:\n\n| Parameter-Name    | Description                |\n| ------------------|----------------------------|\n| file              | Path to the password file (multiple files can be used by separating them with ';')  |\n\nExample:\n```sh\nloginsrv -htpasswd file=users\n```\n\n### Httpupstream\nAuthentication against an upstream HTTP server by performing an HTTP Basic authentication request and checking the response for an HTTP 200 OK status code. 
Anything other than a 200 OK status code will result in a failure to authenticate.\n\nParameters for the provider:\n\n| Parameter-Name    | Description                                                               |\n| ------------------|---------------------------------------------------------------------------|\n| upstream          | HTTP/HTTPS URL to call                                                    |\n| skipverify        | True to ignore TLS errors (optional, false by default)                    |\n| timeout           | Request timeout (optional, 1m by default, go duration syntax is supported) |\n\nExample:\n```sh\nloginsrv -httpupstream upstream=https://google.com,timeout=1s\n```\n\n### OSIAM\n[OSIAM](https://github.com/osiam/osiam) is a secure identity management solution providing REST based services for authentication and authorization.\nIt implements multiple OAuth2 flows, as well as SCIM for managing user data.\n\nTo start loginsrv against the default OSIAM configuration on the same machine, use the following example.\n```sh\nloginsrv --jwt-secret=jwtsecret --text-logging -osiam endpoint=http://localhost:8080,client_id=example-client,client_secret=secret\n```\n\nThen go to http://127.0.0.1:6789/login and log in with `admin/koala`.\n\n### Simple\nSimple is a demo provider for testing only. 
It holds a user/password table in memory.\n\nExample:\n```sh\nloginsrv -simple bob=secret\n```\n\n## OAuth2\n\nThe OAuth Web Flow (aka 3-legged OAuth flow) is also supported.\nCurrently the following OAuth providers are supported:\n\n* GitHub\n* Google\n* Bitbucket\n* Facebook\n* Gitlab\n\nAn OAuth provider supports the following parameters:\n\n| Parameter-Name    | Description                            |\n| ------------------|----------------------------------------|\n| client_id         | OAuth Client ID                        |\n| client_secret     | OAuth Client Secret                    |\n| scope             | Space separated scope list (optional)  |\n| redirect_uri      | Alternative Redirect URI (optional)    |\n\nWhen configuring the OAuth parameters at your external OAuth provider, a redirect URI has to be supplied. This redirect URI has to point to the path `/login/\u003cprovider\u003e`.\nIf `redirect_uri` is not supplied, the OAuth redirect URI is derived from the current URL. This should work in most cases and should even work\nif loginsrv is routed through a reverse proxy, provided the headers `X-Forwarded-Host` and `X-Forwarded-Proto` are set correctly.\n\n### GitHub Startup Example\n```sh\n$ docker run -p 80:80 tarent/loginsrv -github client_id=xxx,client_secret=yyy\n```\n\n## Templating\n\nA custom template can be supplied by the parameter `template`.\nYou can find the original template in [login/login_form.go](https://github.com/tarent/loginsrv/blob/master/login/login_form.go).\n\nThe templating uses the Golang template package. A short intro can be found [here](https://astaxie.gitbooks.io/build-web-application-with-golang/en/07.4.html).\n\nWhen you specify a custom template, only the layout of the original template is replaced. The partials of the original are still loaded into the template context and can be used by your template. 
So a minimal unstyled login template could look like this:\n\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n  \u003chead\u003e\n      \u003c!-- your styles --\u003e\n  \u003c/head\u003e\n  \u003cbody\u003e\n      \u003c!-- your header --\u003e\n\n      {{ if .Error}}\n        \u003cdiv class=\"alert alert-danger\" role=\"alert\"\u003e\n          \u003cstrong\u003eInternal Error. \u003c/strong\u003e Please try again later.\n        \u003c/div\u003e\n      {{end}}\n\n      {{if .Authenticated}}\n\n         {{template \"userInfo\" . }}\n\n      {{else}}\n\n        {{template \"login\" . }}\n\n      {{end}}\n\n      \u003c!-- your footer --\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\n## Custom claims\n\nTo customize the content of the JWT token, either a file which contains\nuser data or an endpoint providing claims can be provided.\n\n### User file\n\nA user file is a YAML file which contains additional information which\nis encoded in the token. After successful authentication against a\nbackend system, the user is searched within the file and the content\nof the claims parameter is used to enhance the user JWT claim\nparameters.\n\nTo match an entry, the user file is searched in linear order and all attributes have to match\nthe data of the authentication backend. The first matching entry will be used and all parameters\nbelow the `claims` attribute are written into the token. 
The following attributes can be used for matching:\n* `sub` - the username (all backends)\n* `origin` - the provider or backend name (all backends)\n* `email` - the mail address (OAuth providers)\n* `domain` - the domain (Google only)\n* `groups` - the full path string of user groups enclosed in an array (Gitlab only)\n\nExample:\n* The user bob will get `\"role\": \"superAdmin\"` when authenticating against the htpasswd file\n* The user admin@example.org will get `\"role\": \"admin\"` and `\"projects\": [\"example\"]` when authenticating with Google OAuth\n* All other Google users with the domain example.org will get `\"role\": \"user\"` and `\"projects\": [\"example\"]`\n* All other Gitlab users in the groups `example/subgroup` and `othergroup` will get `\"role\": \"admin\"`\n* All others will get `\"role\": \"unknown\"`, independent of the authentication provider\n\n```yaml\n- sub: bob\n  origin: htpasswd\n  claims:\n    role: superAdmin\n\n- email: admin@example.org\n  origin: Google\n  claims:\n    role: admin\n    projects:\n      - example\n\n- domain: example.org\n  origin: Google\n  claims:\n    role: user\n    projects:\n      - example\n\n- groups:\n    - example/subgroup\n    - othergroup\n  origin: gitlab\n  claims:\n    role: admin\n\n- claims:\n    role: unknown\n```\n\n### User endpoint\n\nA user endpoint is an HTTP endpoint which provides additional\ninformation about an authenticated user. 
After successful authentication\nagainst a backend system, the endpoint is called and the provided\ninformation is used to enhance the user JWT claim parameters.\n\nloginsrv passes these parameters to the endpoint:\n* `sub` - the username (all backends)\n* `origin` - the provider or backend name (all backends)\n* `email` - the mail address (OAuth providers)\n* `domain` - the domain (Google only)\n* `groups` - the full path string of user groups enclosed in an array (Gitlab only)\n\nAn interaction looks like this:\n\n```http\nGET /claims?origin=google\u0026sub=test@example.com\u0026email=test@example.com HTTP/1.1\nHost: localhost:8080\nAccept: */*\nAuthorization: Bearer token\n\nHTTP/1.1 200 OK\nContent-Type: application/json\n\n{\n  \"sub\":\"test@example.com\",\n  \"uid\":\"113\",\n  \"origin\":\"google\",\n  \"permissions\": [\"read\", \"write\"]\n}\n```\n","funding_links":[],"categories":["Authentication and Authorization","Authentication and OAuth","身份验证和OAuth","认证和授权","认证和OAuth授权","Uncategorized","Go","認證和授權","Authentication \u0026 OAuth","\u003cspan id=\"身份验证和oauth-authentication-and-auth\"\u003e身份验证和OAuth Authentication and Auth\u003c/span\u003e"],"sub_categories":["Contents"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarent%2Floginsrv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftarent%2Floginsrv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarent%2Floginsrv/lists"}