This project is an authentication server that authorizes users through different authorization flows.
It uses passport to authenticate users with different strategies (username-password, GitHub, Google...) and authorizes users (using oauth2orize) to obtain access tokens and id_tokens to use in applications.
This authentication server supports the following flows:
TBD
TBD
Requirements:

- docker
- docker-compose
To start the services, run:

```sh
docker-compose up
```

- All the required services (server and db) will start. They can be configured in the docker-compose file.
- The server runs on http://localhost:8080
- The database listens on port 27018 in case it needs to be accessed from outside the application, for example with mongod or another GUI for mongo. It uses a port different from the default 27017 to avoid collisions with existing running instances of mongo.
- Requires setting up the Google and GitHub dev keys (see the links section).
Libraries used:

- passport
- passport-local
- passport-github
- passport-google-oauth
- passport-http-bearer
- passport-http
- oauth2orize
- oauth2orize-openid
- oauth2orize-audience
- flowstate
Links:

- https://auth0.com/docs/flows/guides/implicit/call-api-implicit#authorize-the-user
- https://auth0.com/docs/flows/guides/implicit/call-api-implicit
- https://github.com/awais786327/oauth2orize-openid-examples
- Google developers console
- GitHub OAuth apps
TODO:

- deploy on heroku
- add tenants to separate clients
- set default audience when not passed
- use audience on code exchange
- proper error response
- separate clients with tenant concept
- set grants on ?clients? to show in consent form
- validate scopes to only allow registered scopes
- add api client credential authentication (https://auth0.com/docs/flows/guides/client-credentials/call-api-client-credentials)
- separate users on tenants
- separate views into separate project to use authentication
- separate api to different project that validates tokens
- nginx as loadbalancer / cors
- redesign form with better styles
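Three of the TODO items above (validate scopes against registered scopes, default the audience when none is passed, return a proper OAuth2 error response) are the checks an authorization endpoint should run before oauth2orize issues a grant. The following is an added example in plain Node.js, not the project's own code; the client registry, the `audience` handling and the `oauthError` shape are assumptions for illustration, with `invalid_scope` being the RFC 6749 error code.

```javascript
// Added example (not the project's code): scope and audience validation for an
// OAuth2 authorization request, with RFC 6749 style error responses.

// Constructed sample client registration (hypothetical values).
const registeredClients = {
  'spa-client': {
    allowedScopes: ['openid', 'profile', 'read:orders'],
    allowedAudiences: ['https://api.example.test', 'https://billing.example.test'],
    defaultAudience: 'https://api.example.test',
  },
};

// Error shape modelled on RFC 6749 (error + error_description).
function oauthError(error, description) {
  return { ok: false, error, error_description: description };
}

// Returns { ok: true, scope: [...], audience } or an oauthError(...).
function validateAuthorizationRequest(clientId, params) {
  const client = registeredClients[clientId];
  // An unknown client_id must not be redirected to; signal it to the caller.
  if (!client) return oauthError('invalid_request', 'unknown client_id');

  // scope is a space-delimited list (RFC 6749 section 3.3): reject any value
  // the client did not register instead of silently dropping it.
  const requested = (params.scope || '').split(' ').filter(Boolean);
  const unknown = requested.filter((s) => !client.allowedScopes.includes(s));
  if (unknown.length > 0) {
    return oauthError('invalid_scope', `scope not registered for client: ${unknown.join(' ')}`);
  }

  // audience is not a core RFC 6749 parameter; treated here as an extension.
  // Fall back to the client's default audience when the request omits one,
  // and still check that the resulting audience is registered.
  const audience = params.audience || client.defaultAudience;
  if (!client.allowedAudiences.includes(audience)) {
    return oauthError('invalid_request', `audience not registered for client: ${audience}`);
  }

  // De-duplicate so repeated scopes do not end up in the issued token.
  return { ok: true, scope: [...new Set(requested)], audience };
}
```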