Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/curveball/a12n-server

An open source lightweight OAuth2 server
https://github.com/curveball/a12n-server

2fa authentication hacktoberfest javascript mfa oauth2 pkce totp typescript webauthn

Last synced: about 2 months ago
JSON representation

An open source lightweight OAuth2 server

Host: GitHub
URL: https://github.com/curveball/a12n-server
Owner: curveball
License: apache-2.0
Created: 2018-09-04T13:40:56.000Z (about 6 years ago)
Default Branch: main
Last Pushed: 2024-07-30T17:17:13.000Z (about 2 months ago)
Last Synced: 2024-07-30T19:31:44.208Z (about 2 months ago)
Topics: 2fa, authentication, hacktoberfest, javascript, mfa, oauth2, pkce, totp, typescript, webauthn
Language: TypeScript
Homepage:
Size: 4.19 MB
Stars: 436
Watchers: 17
Forks: 47
Open Issues: 19
Metadata Files:
- Readme: README.md
- Changelog: changelog.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        Authentication API

==================

This package aims to provide a simple authentication system. The goal is to

provide a simple authentication system for developers considering building

their own.

The project implements OAuth2 standards where applicable.

![a12n-server home screenshot](https://raw.githubusercontent.com/curveball/a12n-server/master/docs/screenshot-0.19.png)

Requirements

------------

* Node.js 16.x

* MySQL, Postgres or Sqlite

Try it out!

-----------

You can quickly get a test server up and running by running these commands:

```sh

mkdir a12n-server

cd a12n-server

npx @curveball/a12n-server

```

This will automatically create a configuration file and sqlite database in the

current directory.

Then, just open [http://localhost:8531/](http://localhost:8531/) to create

your admin account.

Features

--------

* A simple browseable API.

* OAuth2

  * Supported grants: `implicit`, `client_credentials`, `authorization_code`

    and `password`.

  * [OAuth2 discovery document][1].

  * [PKCE][3].

  * [OAuth 2 Token Introspection][2].

  * [JSON Web Key Sets][4].

  * [OAuth2 Token Revocation][5]

  * [RFC 9068][7] - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens.

  * [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)

* MFA

  * Google Authenticator (TOTP).

  * WebauthN / Yubikeys

* A simple, flat, permission model.

* Registration, lost password.

* [`secret-token:` URI scheme][6]

Documentation

-------------

Check out the [Docs folder](https://github.com/curveball/a12n-server/tree/master/docs)

The state of this project

-------------------------

If you are thinking of building a new authentication system, and decide to use

this project instead, you get a lot of features for free.

The project has been used in production since 2018 and is still actively

developed.

[1]: https://tools.ietf.org/html/rfc8414 "OAuth 2.0 Authorization Server Metadata"

[2]: https://tools.ietf.org/html/rfc7662 "OAuth 2 Token Introspection"

[3]: https://tools.ietf.org/html/rfc7636 "Proof Key for Code Exchange by OAuth Public Clients"

[4]: https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets

[5]: https://datatracker.ietf.org/doc/html/rfc7009

[6]: https://datatracker.ietf.org/doc/html/rfc8959

[7]: https://www.rfc-editor.org/rfc/rfc9068 "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"