
maximthomas / Gortas

Licence: apache-2.0
Gortas is an API-based authentication service that lets you add authentication to your site or service with minimal effort.


Gortas

Gortas (Golang Authentication Service) is an API-based authentication service that lets you add authentication to your site or service with minimal effort. Gortas supports multiple authentication methods across various data sources. You can authenticate against your Active Directory or another LDAP user directory, or use MongoDB.

It allows building complex authentication processes with various steps and different authentication methods.

For example, you can build login and password authentication with an SMS confirmation code, so that the user won't be authenticated until they enter the one-time password sent via SMS.

Quick Start with docker-compose

Clone the Gortas repository

git clone https://github.com/maximthomas/gortas.git

Then go to the gortas directory and run docker-compose

docker-compose up

This command will create three services:

  1. gortas - authentication API service
  2. gortas-ui - UI client for auth-service, built with React
  3. mongo - Mongo database for user and session storage

Open http://localhost:3000 in your browser to Sign Up. After signing up you can Sign In with the recently created account.

Deeper Into the Details

Supported Authentication methods

  • Username and password - authenticates against existing user data store
  • Registration - creates a user account in a user data store for further authentication
  • Kerberos - uses Kerberos authentication

It is possible to develop custom authentication methods.

Supported Data Sources

  • LDAP
  • NoSQL
    • MongoDB
  • SQL databases (in development)

Main concepts

With Gortas you can build an authentication system with any desired complexity.

Realm

There can be different realms, for example a staff realm for employees and a clients realm for clients. Each realm uses its own user data store: for staff users we could use an enterprise LDAP user directory, and for clients another database such as MongoDB. Every realm contains authentication modules, authentication chains, and a user data store.

Authentication Module

A single authentication module is responsible for one authentication or authorization step, for example prompting for a username and password, or sending and verifying a one-time password.

Authentication Chain

Authentication modules are organized into authentication chains. Every authentication chain is a sequence of authentication modules that orchestrates a complex authentication process. For example, we have two modules: a Login module, which prompts the user for a login and password, and an OTP module, which sends an SMS with a one-time password to the user.

When a user tries to authenticate, they are prompted to enter a login and password. If the credentials are correct, the authentication service sends an OTP via SMS and prompts the user to enter the one-time password as a second authentication factor. Alternatively, we can line up Kerberos and login and password in the same chain, so that a user who was not authenticated via Kerberos is prompted to enter their credentials manually.
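
The two chains described above, as an added Go sketch that is not Gortas's own code. The `Step` type, the `Sufficient` flag and the stand-in modules are assumptions made for illustration; the point is that a chain evaluator has to fail closed when a required step fails or when no step succeeds.

```go
package main

import (
	"errors"
	"fmt"
)

// Step is a hypothetical chain entry for illustration, not Gortas's own type.
type Step struct {
	ID         string
	Run        func(creds map[string]string) bool
	Sufficient bool // assumption: success ends the chain, failure falls through
}

var ErrDenied = errors.New("authentication denied")

// Authenticate walks the chain in order and fails closed: an empty chain, a
// failed required step, or a chain in which no step succeeded all deny.
func Authenticate(chain []Step, creds map[string]string) (string, error) {
	passed := ""
	for _, s := range chain {
		switch ok := s.Run(creds); {
		case ok && s.Sufficient:
			return s.ID, nil // e.g. Kerberos succeeded, skip the password prompt
		case ok:
			passed = s.ID
		case !s.Sufficient:
			return "", fmt.Errorf("%w: step %q failed", ErrDenied, s.ID)
		}
	}
	if passed == "" {
		return "", ErrDenied
	}
	return passed, nil
}

// Constructed stand-ins for real modules; the credentials are sample values.
func kerberos(c map[string]string) bool { return c["ticket"] == "valid" }
func login(c map[string]string) bool    { return c["user"] == "alice" && c["password"] == "s3cret" }
func otp(c map[string]string) bool      { return c["otp"] == "492817" }

var TwoFactor = []Step{{"login", login, false}, {"otp", otp, false}}
var KerberosOrLogin = []Step{{"kerberos", kerberos, true}, {"login", login, false}}

func main() {
	creds := map[string]string{"user": "alice", "password": "s3cret"} // no ticket, no OTP
	_, err := Authenticate(TwoFactor, creds)
	id, _ := Authenticate(KerberosOrLogin, creds)
	fmt.Println("two-factor:", err, "| kerberos-or-login passed via:", id)
}
```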

Configuration Reference

authentication: #section defines everything related to authentication process 
  realms: # defines realm
    users: #realm ID
      modules: # authentication modules
        login: # authentication module ID - used in authentication chain
          type: "login" # could be "login", "registration", "kerberos"
          properties: #module properties map
        registration:
          type: "registration"
          properties:
            additionalFileds:
              - dataStore: "name"
                prompt: "Name"

      authChains: # defines authentication chains
        login: # authentication chain ID
          modules: # authentication chain modules list
            - id: "login" # module id
              properties:
        registration:
          modules:
            - id: "registration"
              properties:

      userDataStore: # defines User Data Store
        type: "mongodb" # could be "mongodb" or "ldap"
        properties:
          url:  "mongodb://root:[email protected]:27017"
          database:   "users"
          collection: "users"
          userAttributes: # additional user attributes 
            - "name"

session:
  type: "stateless" # could be also "stateful"
  expires: 60000 #token lifetime in seconds
  jwt: #JWT properties
    issuer: 'http://gortas'
    privateKeyPem: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIBOQIBAAJATmLeD2qa5ejVKJ3rwcSJaZAeRw4CVrUHvi1uVvBah6+6qCdjvH8N
      RT+GOI3ymdnilILPHcn51A0XQAXyrvFkgwIDAQABAkAPZUvIK2ARGBIF0D6l6Dw1
      B6Fqw02iShwjNjkdykd9rsZ+UwsYHJ9xXSa2xp7eGurIUqyaDxF+53xpE9AH72PB
      AiEAlEOIScKvyIqp3ZAxjYUd3feke2AGq4ckoq/dXFvxKHcCIQCHWH+6xKyXqaDL
      bG5rq18VQR2Nj7VknY4Eir6Z6LrzVQIgSz3WbXBi2wgb2ngx3ZsfpCToEUCTQftM
      iU9srFFwmlMCIFPUbMixqHUHi6BzuLDXpDz15+gWarO3Io+NoCCUFbdBAiEAinVf
      Lnb+YDP3L5ZzSNF92P9yBQaopFCifjrUqSS85uw=
      -----END RSA PRIVATE KEY-----

  dataStore: # session data store
    type: "mongo" 
    properties:
      url: "mongodb://root:[email protected]:27017"
      database:   "session"
      collection: "session"

server: #server settings
  cors: 
    allowedOrigins:
      - http://localhost:3000
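
The `privateKeyPem` value in the reference above is a published sample, so a deployment has to supply its own key. The following Go check is an added example, not part of Gortas: it validates a PEM value of that form before it is used for signing. The 2048-bit floor and the function names are assumptions, and the test keys are generated at run time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

const minRSABits = 2048 // assumption: the floor this deployment enforces

// CheckSigningKey parses a PEM value such as session.jwt.privateKeyPem and
// returns the modulus size, or an error if it is unusable or too short.
func CheckSigningKey(pemText string) (int, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil {
		return 0, errors.New("no PEM block found")
	}
	if block.Type != "RSA PRIVATE KEY" {
		return 0, fmt.Errorf("unexpected PEM type %q", block.Type)
	}
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return 0, fmt.Errorf("parse PKCS#1 key: %w", err)
	}
	bits := key.N.BitLen()
	if bits < minRSABits {
		return bits, fmt.Errorf("RSA key is %d bits, need at least %d", bits, minRSABits)
	}
	return bits, nil
}

// SampleKey generates a throwaway PKCS#1 key of the given size (constructed input).
func SampleKey(bits int) string {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
}

func main() {
	for _, size := range []int{1024, 2048} {
		bits, err := CheckSigningKey(SampleKey(size))
		fmt.Println(size, bits, err)
	}
}
```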
