@curveball/a12n-server v0.31.3
@curveball/a12n-server: A simple authentication server
a12n is short for "authentication".
a12n-server is a simple authentication server that implements the OAuth2 and OpenID Connect standards.
Its goal is to create a fast, lightweight server that can be quickly deployed on both dev machines and
in production.

Requirements
- Node.js > 18.x
- MySQL, Postgres or Sqlite
Try it out!
Get a test server by running:
```sh
mkdir a12n-server && cd a12n-server
npx @curveball/a12n-server
```
This will automatically create a configuration file and sqlite database in the current directory.
Then, just open http://localhost:8531/ to create your admin account. See Getting started for more ways to run the server.
Contributing or just curious about the code?
Run from source or run the codebase with Docker
Features
This project has been used in production since 2018 and continues to be actively maintained.
Instead of rolling your own authentication system, you get A LOT of features for free:
| Supported Features | Details |
|---|---|
| User Management | • Create, update, delete and list users with our User API • Password reset/recovery flow |
| Authentication Methods | • Username/password login • Multi-factor authentication (MFA): TOTP (Time-based One-Time Passcodes with Google Authenticator), Email one-time codes, WebAuthN hardware keys |
| Authorization | • Role-based access control (RBAC) • Groups and permissions management • Fine-grained access policies |
| OAuth2 Support | • Multiple grant types (Authorization code, client credentials, etc) • Token introspection and revocation • PKCE for enhanced security • JWT access tokens (RFC 9068) |
| OpenID Connect | • Standard OIDC configuration endpoints • Discovery document • JSON Web Key Sets (JWKS) • Multiple response types |
| Developer Experience | • Browser-based admin UI • Browsable REST API with HTML and JSON responses • Signup and login views included |
The server supports OAuth2 and OpenID Connect, with support for the following features and standards:
- Authorization code, client credentials, password and implicit grants.
- OAuth2 discovery document and OpenID Connect configuration endpoint.
- OAuth 2 Token Introspection.
- Proof Key for Code Exchange (PKCE).
- JSON Web Key Sets.
- OAuth2 Token Revocation
- RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens.
- OAuth 2.0 Multiple Response Type Encoding Practices
Documentation
- Getting started
- Configure the server
- Integrate with a browser client
- Manage users with our APIs
- Contribution Guidelines
- Code of Conduct