{"id":22213962,"url":"https://github.com/xmlking/trust-broker","last_synced_at":"2025-03-25T06:23:54.107Z","repository":{"id":36572500,"uuid":"40878433","full_name":"xmlking/trust-broker","owner":"xmlking","description":"Multi Identity Provider - OAuth, JSON Web Token, Facebook, Google","archived":false,"fork":false,"pushed_at":"2015-09-19T20:31:07.000Z","size":208,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-30T05:43:18.306Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xmlking.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-17T08:41:39.000Z","updated_at":"2020-04-18T08:19:58.000Z","dependencies_parsed_at":"2022-09-08T20:00:16.411Z","dependency_job_id":null,"html_url":"https://github.com/xmlking/trust-broker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xmlking%2Ftrust-broker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xmlking%2Ftrust-broker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xmlking%2Ftrust-broker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xmlking%2Ftrust-broker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xmlking","download_url":"https://codeload.github.com/xmlking/trust-broker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"
github","repositories_count":245409535,"owners_count":20610545,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-02T21:12:44.613Z","updated_at":"2025-03-25T06:23:54.080Z","avatar_url":"https://github.com/xmlking.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Trust Broker - JWT Issuer\n\nMulti Identity Provider / Broker - takes a username/password, API key, Facebook or Google identity and issues a **JSON Web Token**.\n\n\n### Features \n\n1. Provide `granular security` and `multitenancy` for your SaaS APIs.\n2. Support pluggable authentication strategies ranging from \n  1. verifying a username and password with DB or LDAP\n  2. delegated authentication using OAuth or \n  3. federated authentication using OpenID Connect.\n3. Account locking \n  1. A user's account will be \"locked\" after some number of consecutive failed login attempts.\n  2. A user's account will become unlocked once a sufficient amount of time has passed.\n  3. The system will expose the reason for a failed login attempt to the application.\n4. Authorization middleware - supports annotation-driven access control.\n  1. Role based access control - `isAdmin`, `hasAnyRoles`, `hasAllRoles`\n  2. Scope based access control - `hasAnyScopes`, `hasAllScopes`\n  3. 
Resource owner access control (ACL) - `isAdminOrSelf`\n  \n### Prerequisites \n\n```bash\n# install MongoDB\nbrew install mongodb\n\n# install Node (tested with node v4.1.0)\nbrew install node\n\n# install Babel\nnpm install -g babel\n\n# install npm dependencies  \nnpm install\n\n# generate the RSA private and public keys used to sign and verify JWTs\n# (2048-bit; 1024-bit RSA is no longer considered adequate)\nopenssl genrsa -out .ssh/auth.rsa 2048\nopenssl rsa -in .ssh/auth.rsa -pubout \u003e .ssh/auth.rsa.pub\n\n# generate the SSL key and self-signed cert for HTTPS\nopenssl genrsa 2048 \u003e .ssh/server.pem\n\nopenssl req -new -key .ssh/server.pem -out .ssh/csr.pem\nopenssl x509 -req -days 365 -in .ssh/csr.pem -signkey .ssh/server.pem -out .ssh/server.crt\n```\n\n### Getting Started\n\n1. Start MongoDB.\n\n    ```bash\n    mongod -f data/mongod.yml\n    ```\n    \n2. Start the server.\n    \n    ```bash\n    npm start\n    # to run with dev env settings\n    NODE_ENV=DEV npm start\n    # to run with prod env settings\n    NODE_ENV=PROD npm start\n    # to debug routes\n    DEBUG=koa-router npm start\n    ```\n    \n### Test\n\n```bash\n$ curl https://localhost:8443/api/v1/users\n# You don't have a signed token dude :(\n$ curl -X POST -H \"Content-Type: application/json\" https://localhost:8443/auth/login -d '{\"username\": \"root\", \"password\": \"root0Demo\"}'\n# {\"token\": \"verylongtokenstring :)\"}\n$ curl -H \"Authorization: Bearer verylongtokenstring :)\" https://localhost:8443/api/v1/users\n# You are logged in dude! Welcome!\n$ curl -X POST -H \"Content-Type: application/json\" -H \"Authorization: Bearer verylongtokenstring :)\" https://localhost:8443/api/v1/users -d '{\"username\": \"sumo5\", \"password\": \"sumo5Demo\",\"name\": \"sumo5 demo\",\"provider\": \"local\",\"email\": \"sumo5@gmail.com\",\"roles\": [\"user\"]}'\n# An account is created\n```\n\nVerify the token signature at http://jwt.io/\n\n### Development \nCreate a `config/local.yml` file to keep the sensitive config data for your local development environment. 
\n\n*Don't check this file into source control.*\n\n```yml\n# mongodb\nmongo:\n  options:\n#    user: myUserName\n#    pass: myPassword\n\n# Passport\npassport:\n  facebook:\n    clientID: 1231231313\n    clientSecret: fsfsfsfsfsfsfsf\n    callbackURL: https://localhost:8443/auth/facebook/callback\n  google:\n    clientID: sdfsfsfds\n    clientSecret: fsdfdsfsfsfsdf\n    callbackURL: https://localhost:8443/auth/google/callback\n```\n\n### Tips\n\nUse Chrome [Postman](https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop) for REST API testing.\n\nSince you are using self-signed SSL certificates, first open the URL in Chrome and accept the certificate before trying it in Postman.\n\n### Known Issues \n* Manually fix `'/(.*)' --\u003e '(.*)'` in the koa-router code as described [here](https://github.com/alexmingoia/koa-router/issues/167)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxmlking%2Ftrust-broker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxmlking%2Ftrust-broker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxmlking%2Ftrust-broker/lists"}