kjpou1/token-auth-server


Token Authentication Server

Implementation of a token-based identity and authorization server.

Key implementation details

  • Uses tokens to authenticate users.
  • Refresh Token Rotation implementation guaranteeing that every time an application exchanges a refresh token to get a new access token, a new refresh token is also returned.
  • Automatic Refresh Token reuse detection, deactivating the user and marking the user record as compromised.
  • All tokens are given an expiration.
  • Only the minimum needed information is kept in the token.

Prerequisites

Docker Compose is used to execute the project and is described below. Docker Desktop includes Compose along with other Docker apps, so most users do not need to install Compose separately.

  • Docker Desktop

  • Clone this repository:

    $ git clone https://github.com/kjpou1/token-auth-server.git
    
    $ cd token-auth-server
    
  • Minimal configuration:

    Set up the default user seed information for the api service:

    • First create the .env file

      • Mac

        $ cd api
        $ touch .env
        
      • Windows

        cd api
        copy .env+
        
    • Open it and add the following configuration entries:

      #===========================
      ## Database seed information
      #===========================
      
      # The default name of the user
      SEED_NAME=Admin
      # The default email of the user (the key name is inferred from the
      # neighbouring entries; the value was obfuscated in this copy of the README)
      SEED_EMAIL=<email address>
      # The default password of the seeded user
      SEED_PASSWORD=

      Note: Make sure to provide a SEED_PASSWORD value, or an error will be issued during startup.

Quickstart - Running locally

Start the Docker Compose setup from the compose file provided in the main directory.

  • Run interactively

    docker compose up --build
    
  • Run as a background task

    docker compose up -d --build
    

This may take a while on first run while everything is being downloaded, built and installed.

By default the auth server can be reached at http://localhost:3001/api/vi/

Authentication Forms

The project ships with a couple of forms that can be used for authentication.

They redirect after a successful action.