/authenticator

A stand-alone gRPC-based authentication API. Easily integrate authentication into any custom project. Authenticator takes care of user credential storage and checking. It generates JSON Web Tokens for users, which can easily be verified by other servers in your ecosystem using performant and secure EdDSA public key cryptography.

Primary language: Go. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).


Archived

My intention was to develop an open-source drop-in solution for authentication. As I was looking to evolve this project to implement more standards than just JWTs (like OAuth2, OpenID Connect, etc.), I came across this wonderful product that already did most of this and has a roadmap with everything I could possibly dream of this project ever becoming: https://github.com/zitadel/zitadel. As they are a company with a good team, there was no way I was ever going to catch up with their development speed alone. Hence, I decided to join them :).

Therefore I don't see any merit in continuing this project anymore. Thanks for those few stars, and if you need something better, be sure to check out ZITADEL and their open-source or commercial offerings!


Authenticator

A stand-alone gRPC-based authentication API. Easily integrate authentication into any custom project. Authenticator takes care of user credential storage and checking. It generates JSON Web Tokens for users, which can easily be verified by other servers in your ecosystem using performant and secure EdDSA public key cryptography.

Benefits:

  • Added security: the user credentials live in a separate database schema from your application's, creating a strict separation in database access;
  • No more password checking logic in your application. Just send an API call to Authenticator and check the generated token on each subsequent request;

Features

  • gRPC-based: implement a client in your preferred language by compiling the protocol buffer files;
  • Support for master/slave database setups using our own MultiDB library;
  • Admin panel for user management;
  • A basic HTTP-based login server, based on redirects;
  • Argon2 hashed password storage;
  • User groups and "audiences" for fine-grained authorization checking;
  • Comes with the verify Go library, which has ready-to-use token verification methods to make integration even easier;
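
What token verification on a consuming server involves, as an added example that is not Authenticator's code or its verify library: the verifier holds only the Ed25519 public key, pins the algorithm to EdDSA, and checks expiry and audience. The functions `sign` and `verifyToken`, the claim layout (`aud` as a list, `exp` in Unix seconds) and the demo key and claims are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"slices"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// sign stands in for the issuer: it signs header.payload with Ed25519 (EdDSA).
func sign(priv ed25519.PrivateKey, header, payload string) string {
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// verifyToken pins the algorithm, then checks signature, expiry and audience.
func verifyToken(pub ed25519.PublicKey, token, aud string, now time.Time) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	var h struct{ Alg string `json:"alg"` }
	var c struct{ Aud []string `json:"aud"`; Exp int64 `json:"exp"` } // assumed claim layout
	hb, e0 := b64.DecodeString(p[0])
	cb, e1 := b64.DecodeString(p[1])
	sig, e2 := b64.DecodeString(p[2])
	switch { // cases run in order: claims are only parsed after the signature holds
	case e0 != nil || json.Unmarshal(hb, &h) != nil || h.Alg != "EdDSA":
		return fmt.Errorf("unexpected alg %q", h.Alg) // the header never picks the algorithm
	case e2 != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig):
		return fmt.Errorf("bad signature")
	case e1 != nil || json.Unmarshal(cb, &c) != nil || now.Unix() >= c.Exp:
		return fmt.Errorf("expired or unreadable claims")
	case !slices.Contains(c.Aud, aud):
		return fmt.Errorf("audience %q not granted", aud)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	tok := sign(priv, `{"alg":"EdDSA"}`, `{"aud":["authenticator"],"exp":4102444800}`) // constructed claims
	fmt.Println(verifyToken(pub, tok, "authenticator", time.Now()))
}
```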

Status

This project is still under heavy development. We've recently deployed a beta version of the gRPC and admin server.

Future plans

  • Two factor authentication
  • OAuth2 provider support

Development

When developing against Authenticator, there is a docker-compose.yml file which sets up a development infrastructure. It starts a PostgreSQL instance, runs the necessary migrations and starts the server instances. You can download the Compose file or run this from the root of the repository:

docker compose up

  • The authenticator gRPC server will be served at port 8765.
  • The admin interface will be served at port 1234.

The default user is "admin@localhost" with password "admin", a member of the group "primary" and the audience "authenticator".

Protocol buffers

The authenticator server's gRPC code is generated from protocol buffer definitions. To regenerate the gRPC definitions, run:

protoc --go_out=plugins=grpc:$(go env GOPATH)/src authenticator.proto