Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hummingbird-me/genkan

🔑 The future of Kitsu's Authentication
https://github.com/hummingbird-me/genkan

graphql kitsu oauth2 oauth2-server rails

Last synced: 3 months ago
JSON representation

🔑 The future of Kitsu's Authentication

Host: GitHub
URL: https://github.com/hummingbird-me/genkan
Owner: hummingbird-me
License: apache-2.0
Created: 2018-03-16T06:16:42.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2023-01-19T11:16:48.000Z (about 2 years ago)
Last Synced: 2024-04-14T18:15:29.821Z (9 months ago)
Topics: graphql, kitsu, oauth2, oauth2-server, rails
Language: Ruby
Homepage:
Size: 603 KB
Stars: 13
Watchers: 6
Forks: 2
Open Issues: 19
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Genkan (玄関)

Genkan is the Kitsu Authentication service, written as a standalone application in Rails 5, backed
by PostgreSQL. In terms of functionality, it sits somewhere between Devise and Doorkeeper, but
implemented as an application instead of a gem. Because it's implemented as a full Rails app, you
don't need to worry about dependency conflicts or naming collisions or any of that nonsense.

Simply fork Genkan, change the views, hook your own application up to the API, and you're set. To
update, just rebase.

## Models

### User Name

The `UserName` model maps case-insensitive user-friendly identifiers such as email addresses or
account names to a computer-provided User ID. The User ID is completely opaque to Genkan, and
it's up to you what string you wanna use. Kitsu uses auto-incrementing integers, but you don't have
to. If you use UUIDs for users, that works too.

### User Password

A user can have as many passwords as you want. The passwords are bcrypt-hashed before storage,
marked with a creation time, and you can mark them as invalid at any time.

### User Assertion ID

The OAuth2 Assertion Grant provides a flow for authorization where a client presents a valid token
from an external service (such as Twitter, Facebook, or Google) which can be verified by the server.
For this purpose, Genkan has a `UserAssertionID` model, which stores a mapping between an external
user ID and an internal user ID.

### Token

Genkan issues signed JWTs for all Tokens (using RS256 by default) but also stores their metadata in
a database table for revocation. For revocation to work, your application must use the API to
authenticate the token on each request.