Implementation of a Token-Based identity and authorization server.
Key implementation details
- Uses tokens to authenticate users.
- Refresh Token Rotation implementation guaranting that every time an application exchanges a refresh token to get a new access token, a new refresh token is also returned.
- Automatic Refresh Token reuse detection deactivating the user and marking the user record as compromised.
- All tokens are given a expiration
- Only the minimum needed information is kept in the token.
Docker Compose is used to execute the project and is described below. Docker Desktop includes Compose along with other Docker apps, so most users do not need to install Compose separately.
-
$ git clone https://github.com/kjpou1/token-auth-server.git $ cd token-auth-server -
Setup the default user seed information for api:
-
First create the
.envfile-
Mac
$ cd api $ touch .env -
Windows
cd api copy .env+
-
-
Open and add the following configuration entries:
#=========================== ## Database seed information #=========================== # The default name of the user SEED_NAME=Admin # The default email of the user SEED_EMAIL=admin@example.com # The default password of the seeded user SEED_PASSWORD=
❗ Note: Make sure to provide a SEED_PASSWORD value or an error will be issued during startup
-
Start up the docker compose file provided in the main directory.
-
docker compose up --build -
docker compose up -d --build
This may take a while on first run while everything is being downloaded, built and installed.
By default the auth server can be reached at http://localhost:3001/api/vi/
There are a couple of delivered forms that one can use.
They use a redirect after a successful action.
- Sign In with redirect - http://localhost:3001/auth-forms/signin
- Register with redirect - http://localhost:3001/auth-forms/register