Ratify is a Central Authentication Service (CAS) implementing the OAuth 2.0 and OpenID Connect (OIDC) protocols, as defined in RFC 6749.

- Implements various authorization flows
- Implements OpenID Connect protocol layer
- Register new applications to use Ratify
- Manage registered users (with email verification)
- Multi-factor authentication using Time-based One-Time Password (TOTP)
- Universal login
- User authentication and incident log
- Active session management

Supported authorization flows:

- Authorization Code
- Authorization Code with PKCE
- WIP: Client Credentials

Use the following libraries to easily integrate your application with Ratify's authentication service.

- JavaScript/TypeScript: ratify-client-js

The application comes in two parts:

| Name | Code Name | Stack |
|---|---|---|
| Back-end | ratify-be | Go, Gin + Gorm, PostgreSQL, Redis |
| Front-end | ratify-fe | TypeScript, Vue.js |

ratify-fe itself acts as a stand-alone application to ratify-be, so it authenticates users with an access token that it obtains for itself through the Authorization Code with PKCE flow.
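
The PKCE check behind the flow mentioned above, as an added example that is not taken from the ratify-be code base: the client derives an S256 `code_challenge` from a random `code_verifier` (RFC 7636), and the token endpoint recomputes and compares it. All function names here are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// NewVerifier (hypothetical name), client side: 32 random bytes -> 43-char code_verifier.
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge computes code_challenge = BASE64URL(SHA256(code_verifier)).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyPKCE, token-endpoint side: reject verifiers outside RFC 7636's 43-128
// unreserved characters, then compare challenges in constant time.
func VerifyPKCE(storedChallenge, verifier string) bool {
	if len(verifier) < 43 || len(verifier) > 128 {
		return false
	}
	for _, c := range verifier {
		ok := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' ||
			c >= '0' && c <= '9' || c == '-' || c == '.' || c == '_' || c == '~'
		if !ok {
			return false
		}
	}
	got := S256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	v, err := NewVerifier()
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyPKCE(S256Challenge(v), v)) // challenge matches its own verifier
}
```

The authorization server stores the challenge with the authorization code and runs the verification step when the code is exchanged, so an intercepted code is useless without the verifier.
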

ratify-be uses Go Modules as its module/dependency manager, so at least Go 1.11 is required. To ease development, cosmtrek/air is used to live-reload the application. Swagger is used for API documentation, and swaggo/swag generates the docs. Install the tools as documented.

To begin developing, simply enter the sub-directory and run the development server:

```shell
$ cd ratify-be
$ swag init
$ go mod tidy
$ air
```

Populate .env.development with the required credentials. Use the Client ID that ratify-be provides.

To begin developing, simply enter the sub-directory and run the development server:

```shell
$ cd ratify-fe
$ yarn
$ yarn serve
```

Both ratify-be and ratify-fe are containerized and pushed to Docker Hub. They are tagged based on their application name and version, e.g. daystram/ratify:be or daystram/ratify:be-v1.1.0.

To run ratify-be, run the following:

```shell
$ docker run --name ratify-be --env-file ./.env -p 8080:8080 -d daystram/ratify:be
```

And ratify-fe as follows:

```shell
$ docker run --name ratify-fe -p 80:80 -d daystram/ratify:fe
```

The following are required for ratify-be to function properly:

- PostgreSQL
- Redis
- SMTP Server

Their credentials must be provided in the configuration file.

To deploy to a Kubernetes cluster, Helm charts can be used. Add the repository:

```shell
$ helm repo add daystram https://charts.daystram.com
$ helm repo update
```

Ensure you have the secrets created for ratify-be by providing the secret name in values.yaml, or by creating the secret from a populated .env file (make sure it is in the same namespace as the ratify installation):

```shell
$ kubectl create secret generic secret-ratify-be --from-env-file=.env
```

And install ratify:

```shell
$ helm install ratify daystram/ratify
```

You can override the chart values by providing a values.yaml file via the --values flag.

Pre-release and development charts are accessible using the --devel flag. To install the development chart, provide the --set image.tag=dev flag, as development images are deployed with the suffix dev.

For ease of deployment, the following docker-compose.yml file can be used to orchestrate the stack deployment:

```yaml
version: "3"
services:
  ratify-be:
    image: daystram/ratify:be
    ports:
      - "8080:8080"
    env_file:
      - /path_to_env_file/.env
    restart: unless-stopped
  ratify-fe:
    image: daystram/ratify:fe
    ports:
      - "80:80"
    restart: unless-stopped
  postgres:
    image: postgres:13.1-alpine
    volumes:
      - /path_to_postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
  redis:
    image: redis:6.0-alpine
    expose:
      - 6379
    volumes:
      - /path_to_redis_data:/data
    restart: unless-stopped
```

UUID support is also required in PostgreSQL. For modern PostgreSQL versions (9.1 and newer), the contrib module uuid-ossp can be enabled as follows:

```sql
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
```

This project is licensed under the MIT License.