project is under active development and is not production ready
This repository holds the authentication service for moov.io. If you find a problem (security or otherwise), please contact us at security@moov.io
.
The auth project supports various auth methods:
- REST authentication and user sign-up
- OAuth2 exchange (linked to an authenticated user)
Docs: docs.moov.io | api docs
This project is currently pre-production and could change without much notice, however we are looking for community feedback so please try out our code or give us feedback!
You can download our docker image moov/auth
from Docker Hub or use this repository. No configuration is required to serve on :8081
and metrics at :9091/metrics
in Prometheus format.
Also, go run
works:
$ cd moov/auth # wherever this project lives
$ go run .
ts=2018-12-13T19:18:11.062095Z caller=main.go:80 startup="Starting auth server version v0.4.3-dev"
ts=2018-12-13T19:18:11.062633Z caller=main.go:103 main="sqlite version 3.25.2"
ts=2018-12-13T19:18:11.062617Z caller=main.go:92 admin="listening on :9091"
ts=2018-12-13T19:18:11.064059Z caller=sqlite.go:96 sqlite="starting database migrations..."
ts=2018-12-13T19:18:11.064153Z caller=sqlite.go:105 sqlite="migration #0 [create table if not exists users(user_id...] changed 0 rows"
... (more database migration log lines)
ts=2018-12-13T19:18:11.064345Z caller=sqlite.go:108 sqlite="finished migrations"
ts=2018-12-13T19:18:11.066804Z caller=main.go:189 transport=HTTP addr=:8081
The follow are environment variables can be configured:
Required
DOMAIN
: Domain to set on cookies.
Optional
OAUTH2_CLIENTS_DSN
: Data Source Name (DSN) for the OAuth2 clients database. (Example:file:oauth2_clients.db
)OAUTH2_TOKENS_DSN
: Data Source Name (DSN) for the OAuth2 tokens database. (Example:file:oauth2_tokens.db
)SQLITE_DB_PATH
: File path to our sqlite database. (Example:auth.db
)TLS_CERT
andTLS_KEY
: File paths to TLS certificate and keyfile (in PEM encoding).
Method | Path | Description |
---|---|---|
GET | /ping | Always returns "PONG". Useful for readness check |
POST | /users/create | Create a new user. (Signup) |
GET | /users/login | Verify if a Cookie is valid for a user. |
POST | /users/login | Login with an email and password. |
DELETE | /users/login | Invalidat a user's active cookies. |
GET | /oauth2/authorize | Verify a Bearer OAuth2 token. |
[GET&]POST | /oauth2/token | Create a new OAuth2 token. |
POST | /oauth2/token/create | Create a new OAuth2 client credential set. |
Name | Help Text |
---|---|
auth_successes | Count of successful authorizations |
auth_failures | Count of failed authorizations |
auth_inactivations | Count of inactivated auths (i.e. user logout) |
http_errors | Count of how many 5xx errors we send out |
oauth2_client_generations | Count of auth tokens created |
oauth2_token_generations | Count of auth tokens created |
sqlite_connections | How many sqlite connections and what status they're in. |
channel | info |
---|---|
Project Documentation | Our project documentation available online. |
Google Group moov-users | The Moov users Google group is for contributors other people contributing to the Moov project. You can join them without a google account by sending an email to moov-users+subscribe@googlegroups.com. After receiving the join-request message, you can simply reply to that to confirm the subscription. |
Twitter @moov_io | You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
GitHub Issue | If you are able to reproduce an problem please open a GitHub Issue under the specific project that caused the error. |
moov-io slack | Join our slack channel to have an interactive discussion about the development of the project. Request an invite to the slack channel |
- 64-bit Linux (Ubuntu, Debian), macOS, and Windows
Yes please! Please review our Contributing guide and Code of Conduct to get started!
Note: This project uses Go Modules, which requires Go 1.11 or higher, but we ship the vendor directory in our repository.
Apache License 2.0 See LICENSE for details.