https://github.com/eznix86/nostr-auth

Authentication Server with Nostr

# Nostr Auth

![Demo GIF](./art/demo.gif)

Nostr Auth lets you keep your identity while providing a simple way to manage access to your platforms. It makes your identity portable across web applications, so you can use Nostr-based authentication with existing services — without introducing unnecessary complexity.

## Why Nostr Auth?

Existing authentication solutions are powerful and widely adopted in the web2 world, but they are not always a natural fit for Nostr-based users. Nostr Auth sits in front of your existing web applications and adds a Nostr-based authentication layer, so you can protect resources while preserving your users' portable identity.

## Use Cases

- Adding Nostr authentication to existing web applications
- Protecting internal or private resources
- Enabling identity-based access control for Nostr users
- Protecting multiple configured upstream domains behind a single auth app

> [!NOTE]
> This version uses cookie-based authentication for the auth app itself, but it can still protect multiple configured upstream domains through the forward-auth flow. Redirect targets are restricted to domains configured under `auth.apps`.

## Requirements

- [Taskfile](https://taskfile.dev/)
- Go 1.26+
- Overmind (`go install github.com/DarthSim/overmind/v2@latest`)
- Air (`go install github.com/air-verse/air@latest`)
- Golangci-lint (`go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest`)
- [bun](https://bun.sh/)
- Docker and Docker Compose (to try the demo)

## Running Locally

- Fork
- `bun install`
- `go install`
- `cp config.json.example config.json`
- Edit the `config.json`
- `cp .env.example .env`
- Edit the `.env`
- `task dev`

The app should then be available at http://localhost:3000

## Config

`config.json` controls both access rules and branding.

```json
{
  "auth": {
    "enabled": true,
    "groups": {
      "admins": [
        "npub1..."
      ]
    },
    "apps": {
      "default": {
        "config": {
          "domains": [
            "app.example.com"
          ]
        },
        "users": [
          "group:admins"
        ]
      },
      "public": {
        "config": {
          "domains": [
            "demo.example.com"
          ]
        },
        "users": [
          "*"
        ]
      }
    }
  },
  "branding": {
    "background": {
      "source": {
        "type": "preset",
        "variant": "canyon-falls"
      }
    }
  }
}
```

- `auth.enabled` turns authorization on or off
- `auth.groups` defines reusable user groups with `npub`, hex public keys, or nested `group:` references
- `auth.apps` defines which domains are protected and which users or groups can access them
- `auth.apps.*.users` accepts `*` to allow any authenticated Nostr user for that app's configured domain
- `auth.apps.*.config.domain` or `auth.apps.*.config.domains` also define the allowed post-login redirect targets
- `branding.background.source.type` currently supports `preset`
- `branding.background.source.variant` can be `canyon-falls` (default), `fields-road`, `mountain-valley`, or `storm-valley`
- if `branding` is omitted, the app falls back to `canyon-falls`

> [!IMPORTANT]
> Authorization is pubkey-based. NIP-05 values are not supported in authorization rules and are ignored with a warning because they are not a safe basis for access control.
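
The access rules above amount to a default-deny decision per host and public key. The following Go code is an added example, not code from the nostr-auth project: the `Config`, `App`, `inList` and `Allowed` names and the sample keys are hypothetical, keys are assumed to be already normalized to hex, and each domain is assumed to belong to one app.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// Shapes mirror auth.groups and auth.apps from the config above. Assumption
// of this example: npub entries were already normalized to hex public keys.
type App struct{ Domains, Users []string }
type Config struct{ Groups map[string][]string; Apps map[string]App }

// inList expands nested "group:" references; seen stops cyclic definitions.
func (c Config) inList(entries []string, pk string, seen map[string]bool) bool {
	for _, e := range entries {
		if e == pk {
			return true
		}
		if g, ok := strings.CutPrefix(e, "group:"); ok && !seen[g] {
			seen[g] = true
			if c.inList(c.Groups[g], pk, seen) {
				return true
			}
		}
	}
	return false
}

// Allowed is default-deny: an unknown host or an unlisted key is refused.
func (c Config) Allowed(host, pk string) bool {
	for _, a := range c.Apps {
		inApp := slices.Contains(a.Domains, strings.ToLower(host))
		if inApp && (slices.Contains(a.Users, "*") || c.inList(a.Users, pk, map[string]bool{})) {
			return true
		}
	}
	return false
}

// Constructed sample: shortened fake keys; "admins" and "ops" reference each other.
var sample = Config{
	Groups: map[string][]string{"admins": {"group:ops"}, "ops": {"aa11", "group:admins"}},
	Apps: map[string]App{
		"default": {Domains: []string{"app.example.com"}, Users: []string{"group:admins"}},
		"public":  {Domains: []string{"demo.example.com"}, Users: []string{"*"}},
	},
}

func main() { fmt.Println(sample.Allowed("app.example.com", "aa11")) }
```

The cyclic `admins`/`ops` pair shows why group expansion needs a visited set: without it, a key that is in neither group would recurse forever instead of being denied.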

## Testing Demo

- `bun install`
- `go install`
- `task demo` — check out the examples [README.md](./examples/proxy/README.md)

## Supports

- Kubernetes Gateway API
- Kubernetes Ingress
- Nginx
- Traefik
- Envoy
- Caddy

## License

[MIT](./LICENSE)

## Credits

- Photo by Wil Stewart on Unsplash

- Photo by Sandeep Ramgolam on Wallpapers