Auth
A service for all your authn and authz needs.
Password
The service allows you to generate a secure password. The system uses:
We take recommendations from NIST Password Guidelines.
Key
The service allows you to generate secure RSA public and private keys. We take recommendations from A Guide to RSA Encryption in Go.
The service also requires a public and a private key, configured as follows:
server:
  v1:
    key:
      public: |
        -----BEGIN RSA PUBLIC KEY-----
        ...
        -----END RSA PUBLIC KEY-----
      private: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----
These keys should be stored and retrieved from an application configuration system.
Access Token
The service creates access tokens, which are used to generate bearer tokens, which in turn are used to generate service tokens. This is configured as follows:
server:
  v1:
    admins:
      - id: su-1234
        hash: bcrypt-password
Each admin has an id and a hash. The password and hash are generated by the password service. The user then sends id:password as Basic Authentication. This will give you an encrypted access token. This token is a password that is encrypted with the public key, so you could always generate your own token if needed.
The password and token should be stored and retrieved from an application configuration system. The hash is safe to leave as is; there is no need to store it securely.
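The statement above that a token is the password encrypted with the public key can be tried out with the following added example, which is not code from this project. It reads the public key in the PKCS#1 PEM form shown in the key configuration; the OAEP/SHA-256 padding, the base64 encoding and the function names are assumptions, since the page does not specify them.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // demo key

// publicPEM encodes a key in the PKCS#1 form used by server.v1.key.public.
func publicPEM(k *rsa.PublicKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(k)})
}

// makeToken encrypts password with the public key (assumed: OAEP/SHA-256, base64 output).
func makeToken(pubPEM []byte, password string) (string, error) {
	block, _ := pem.Decode(pubPEM)
	if block == nil || block.Type != "RSA PUBLIC KEY" {
		return "", fmt.Errorf("expected an RSA PUBLIC KEY PEM block")
	}
	pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
	if err != nil {
		return "", err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(password), nil)
	return base64.StdEncoding.EncodeToString(ct), err
}

// openToken recovers the password; only the holder of the private key can do this.
func openToken(priv *rsa.PrivateKey, token string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(pt), err
}

func main() {
	priv, err := newKey()
	if err != nil {
		panic(err)
	}
	fmt.Println(makeToken(publicPEM(&priv.PublicKey), "constructed-sample-password"))
}
```

Because OAEP is randomized, encrypting the same password twice gives two different tokens, and both decrypt to the same password under the private key.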
Service Tokens
Once you have access tokens you can use those to generate bearer tokens. These tokens are JWT tokens. This is configured as follows:
server:
  v1:
    services:
      - id: test-service
        hash: bcrypt-password
        duration: 24h
Each service has an id, a hash and a duration. The access token is generated by the access token service. The user then sends the access token as Bearer Authentication. This will give you an encrypted service token that is valid for the duration.
The hash is safe to leave as is; there is no need to store it securely.
Issuer
This is used to add the issuer to service tokens. This is configured as follows:
server:
  v1:
    issuer: https://auth.falkowski.io
Development
If you would like to contribute, here is how you can get started.
Structure
The project follows the structure in golang-standards/project-layout.
Dependencies
Please make sure that you have the following installed:
Style
This project favours the Uber Go Style Guide.
Setup
To get yourself set up, please run the following:
make setup
Binaries
To make sure everything compiles for the app, please run the following:
make build-test
Features
To run all the features, please run the following:
make features
Changes
To see what has changed, please have a look at CHANGELOG.md.