
bosssauce / Access

Licence: bsd-3-clause
Ponzu Addon to manage API access grants and tokens for authentication

Projects that are alternatives of or similar to Access

Express Mongodb Rest Api Boilerplate
A boilerplate for Node.js apps / Rest API / Authentication from scratch - express, mongodb (mongoose).
Stars: ✭ 153 (+1076.92%)
Mutual labels:  authentication, jwt, authorization, token
Spring Security Pac4j
pac4j security library for Spring Security: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 231 (+1676.92%)
Mutual labels:  authentication, jwt, authorization
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (+1330.77%)
Mutual labels:  authentication, jwt, authorization
Github Create Token
Create a Github OAuth access token.
Stars: ✭ 6 (-53.85%)
Mutual labels:  authentication, authorization, token
Auth0.js
Auth0 headless browser sdk
Stars: ✭ 755 (+5707.69%)
Mutual labels:  authentication, jwt, authorization
Security.identity
.NET DevPack Identity is a set of common implementations to help you implementing Identity, Jwt, claims validation and another facilities
Stars: ✭ 165 (+1169.23%)
Mutual labels:  authentication, jwt, authorization
Express Graphql Mongodb Boilerplate
A boilerplate for Node.js apps / GraphQL-API / Authentication from scratch - express, graphql - (graphql compose), mongodb (mongoose).
Stars: ✭ 288 (+2115.38%)
Mutual labels:  authentication, authorization, token
Spring Webmvc Pac4j
Security library for Spring Web MVC: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 110 (+746.15%)
Mutual labels:  authentication, jwt, authorization
Play Pac4j
Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 375 (+2784.62%)
Mutual labels:  authentication, jwt, authorization
Buji Pac4j
pac4j security library for Shiro: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 444 (+3315.38%)
Mutual labels:  authentication, jwt, authorization
Paseto
Platform-Agnostic Security Tokens implementation in GO (Golang)
Stars: ✭ 461 (+3446.15%)
Mutual labels:  authentication, jwt, token
Spark Pac4j
Security library for Sparkjava: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 154 (+1084.62%)
Mutual labels:  authentication, jwt, authorization
Cerberus
A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security.
Stars: ✭ 482 (+3607.69%)
Mutual labels:  authentication, jwt, authorization
Pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 2,097 (+16030.77%)
Mutual labels:  authentication, jwt, authorization
Mern Boilerplate
Fullstack boilerplate with React, Redux, Express, Mongoose, Passport Local, JWT, Facebook and Google OAuth out of the box.
Stars: ✭ 112 (+761.54%)
Mutual labels:  authentication, jwt, authorization
Sureness
A simple and efficient open-source security framework that focus on protection of restful api.
Stars: ✭ 254 (+1853.85%)
Mutual labels:  authentication, jwt, authorization
Spring Security React Ant Design Polls App
Full Stack Polls App built using Spring Boot, Spring Security, JWT, React, and Ant Design
Stars: ✭ 1,336 (+10176.92%)
Mutual labels:  authentication, jwt, authorization
Express Jwt
An example API for creating/verifying json web tokens
Stars: ✭ 105 (+707.69%)
Mutual labels:  authentication, jwt, authorization
Securing Restful Apis With Jwt
How to secure a Nodejs RESTful CRUD API using JSON web tokens?
Stars: ✭ 301 (+2215.38%)
Mutual labels:  authentication, jwt, authorization
Cloudfront Auth
An AWS CloudFront Lambda@Edge function to authenticate requests using Google Apps, Microsoft, Auth0, OKTA, and GitHub login
Stars: ✭ 471 (+3523.08%)
Mutual labels:  authentication, jwt, authorization

access

Ponzu Addon to manage API access grants and tokens for authentication

Installation:

$ ponzu add github.com/bosssauce/access

Usage

// content/user.go
package content

import (
	"fmt"
	"net/http"
	"time"

	"github.com/bosssauce/access"
	// ...
)

type User struct {
	// ...
	Email         string `json:"email"`
	AccountStatus string `json:"account_status"`
}

// AfterAPICreate creates a grant for a user after one has been created via API call
func (u *User) AfterAPICreate(res http.ResponseWriter, req *http.Request) error {
	// create an access configuration: the duration after which the token
	// expires, the ResponseWriter the token is written to, and the token
	// store that carries it (req.Header for an Authorization header, or an
	// http.Cookie{} for a cookie)
	cfg := &access.Config{
		ExpireAfter:    time.Hour * 24 * 7,
		ResponseWriter: res,
		TokenStore:     req.Header,
	}

	// Grant access to the user based on the request
	grant, err := access.Grant(u.Email, req.PostFormValue("password"), cfg)
	if err != nil {
		return err
	}

	// printing a bearer token is only acceptable while developing; in
	// production the token should reach the client through the response only
	fmt.Printf(
		"The access token for user (%s) is: %s\n",
		grant.Email, grant.Token,
	)

	return nil
}

Then, from other content type files:

// content/private_event.go
package content

import (
	"fmt"
	"net/http"

	"github.com/bosssauce/access"
	// ...
)

type PrivateEvent struct {
	// ...
	OrganizerEmail string
	Location       string
	Duration       int
	Rsvps          []string
}

// BeforeAPICreate only lets requests that carry a valid access token create an event
func (e *PrivateEvent) BeforeAPICreate(res http.ResponseWriter, req *http.Request) error {
	if !access.IsGranted(req, req.Header) {
		return fmt.Errorf(
			"no access grant or valid token in request from: %s",
			req.RemoteAddr,
		)
	}

	// request contains a proper, valid token
	return nil
}

// BeforeAPIUpdate only lets the grant holder whose key is the organizer update the event
func (e *PrivateEvent) BeforeAPIUpdate(res http.ResponseWriter, req *http.Request) error {
	if !access.IsOwner(req, req.Header, e.OrganizerEmail) {
		return fmt.Errorf(
			"grant provided is not owner of PrivateEvent, from %s",
			req.RemoteAddr,
		)
	}

	// request contains a valid token whose key is e.OrganizerEmail
	return nil
}

Motivation

Some Ponzu content types need to be kept locked down and accessible only to specific users or owners. The access addon makes it easy to issue a token-based access grant to a user and then control what Ponzu's content API exposes, using package methods like access.IsGranted and access.IsOwner from within content type hooks. Once a grant has been issued for a request and returned in the response, the client presents the token on follow-on requests for content that may otherwise be hidden, have fields omitted, or refuse create/update/delete operations.

API

APIAccess is the data for an API access grant

type APIAccess struct {
	Email string `json:"email"`
	Hash  string `json:"hash"`
	Salt  string `json:"salt"`
	Token string `json:"token"`
}

Config contains settings for token creation and validation

type Config struct {
	ExpireAfter    time.Duration
	ResponseWriter http.ResponseWriter
	TokenStore     reqHeaderOrHTTPCookie
	CustomClaims   map[string]interface{} // claims to add to your token
	SecureCookie   bool // optional, if using http.Cookie{} as TokenStore
}
  • Note: The TokenStore field within Config (type reqHeaderOrHTTPCookie) is an interface{} used to declare how a token is sent to the client and later checked by the access addon. Setting it to req.Header adds an "Authorization: Bearer $TOKEN" header to the response; setting it to an http.Cookie{} instead adds the token to the response in a cookie named _apiAccessToken, which is the mode the SecureCookie option applies to.

Grant creates a new APIAccess and saves it to the __apiAccess bucket in the database. If an existing APIAccess grant for the key is found in the database, Grant attempts to update it and fails if the request is not authorized to do so.

func Grant(key, password string, cfg *Config) (*APIAccess, error)

IsGranted reports whether the request is authenticated by the token held within the provided tokenStore (an http.Header or http.Cookie).

func IsGranted(req *http.Request, tokenStore reqHeaderOrHTTPCookie) bool

IsOwner validates the access token and checks the claims within the authenticated request's JWT for the key associated with the grant, i.e. that the token presented was granted to key.

func IsOwner(req *http.Request, tokenStore reqHeaderOrHTTPCookie, key string) bool
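To make the TokenStore note and the IsGranted/IsOwner checks above concrete, here is a self-contained Go sketch of the token round trip the addon performs. It is an added example written for this page, not code from the bosssauce/access addon: it assumes a minimal HS256 JWT with a hypothetical `key` claim and a constructed demo secret, and it does not reproduce the addon's real claim names, key handling or the __apiAccess bucket. writeToken/readToken mirror the two documented stores, an `Authorization: Bearer` header or the `_apiAccessToken` cookie, and grantKey is the shape of check a BeforeAPICreate or BeforeAPIUpdate hook needs.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Constructed demo secret (assumption); a real HMAC key lives in a secret store, never in source.
var secret = []byte("constructed-demo-secret-do-not-use")
const cookieName = "_apiAccessToken" // cookie name the addon documents for its cookie TokenStore

type claims struct { // hypothetical minimal payload: the grant key (user's email) and expiry
	Key string `json:"key"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func mac(in string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return m.Sum(nil)
}

// sign mints an HS256 JWT for key that expires ttl after now.
func sign(key string, ttl time.Duration, now time.Time) string {
	body, _ := json.Marshal(claims{Key: key, Exp: now.Add(ttl).Unix()})
	in := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(body)
	return in + "." + b64(mac(in))
}

// verify checks the signature in constant time, then the expiry; HS256 is pinned, not read from the header.
func verify(tok string, now time.Time) (*claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac(parts[0]+"."+parts[1])) {
		return nil, errors.New("bad signature")
	}
	var c claims
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// writeToken mirrors the two TokenStore modes: an "Authorization: Bearer" header, or an
// _apiAccessToken cookie kept HttpOnly, with Secure toggled the way SecureCookie would.
func writeToken(w http.ResponseWriter, tok string, useCookie, secure bool) {
	if !useCookie {
		w.Header().Set("Authorization", "Bearer "+tok)
		return
	}
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: tok, Path: "/", HttpOnly: true, Secure: secure, SameSite: http.SameSiteStrictMode})
}

// readToken pulls the token back out of a follow-on request from the same store.
func readToken(req *http.Request, useCookie bool) (string, bool) {
	if useCookie {
		if c, err := req.Cookie(cookieName); err == nil {
			return c.Value, true
		}
		return "", false
	}
	h := req.Header.Get("Authorization")
	return strings.TrimPrefix(h, "Bearer "), strings.HasPrefix(h, "Bearer ")
}

// grantKey is the check a content hook needs: IsGranted is ok alone, IsOwner is ok && key == owner field.
func grantKey(req *http.Request, useCookie bool, now time.Time) (string, bool) {
	if tok, ok := readToken(req, useCookie); ok {
		if c, err := verify(tok, now); err == nil {
			return c.Key, true
		}
	}
	return "", false
}

func main() {
	now := time.Now()
	req, _ := http.NewRequest("POST", "/api/content/create?type=PrivateEvent", nil)
	req.Header.Set("Authorization", "Bearer "+sign("alice@example.com", 7*24*time.Hour, now))
	key, ok := grantKey(req, false, now)
	fmt.Println("granted:", ok, "owner is alice:", ok && key == "alice@example.com")
	_, ok = grantKey(req, false, now.Add(8*24*time.Hour))
	fmt.Println("granted eight days later:", ok)
}
```

The points a practitioner should take from it: the MAC is compared with hmac.Equal rather than ==, the algorithm is fixed in the verifier instead of trusted from the token header, the expiry is checked only after the signature holds, and in cookie mode the token is HttpOnly so page scripts cannot read it. Run with go run: the header case reports granted true and owner true, and false once the token is eight days old.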