Skip to content

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd

License

Notifications You must be signed in to change notification settings

liskl/login-service

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

login-service

login-service is a standalone minimalistic login server providing a (JWT)[https://jwt.io/] login for multiple login backends.

Abstract

login-service provides a minimal endpoint for authentication. The login is then performed against the providers and returned as Json Web Token.

Supported Provider

The following providers (login backends) are supported.

  • (OSIAM)[http://osiam.org/] OSIAM is a secure identity management solution providing REST based services for authentication and authorization. It implements the multplie OAuth2 flows, as well as SCIM for managing the user data.
  • Simple (user/password pairs by configuration)

Future Planed Features

  • Support for 3-leged-Oauth2 flow (OSIAM, Google, Facebook login)
  • Backend for checking agains .htaccess file
  • Caddyserver middleware

API

GET /login

Returns a simple bootstrap styled login form.

The returned html follows the ui composition conventions from (lib-compose)[https://github.com/tarent/lib-compose], so it can be embedded into an existing layout.

POST /login

Does the login and returns the JWT. Depending on the content-type, and parameters a classical JSON-Rest or a redirect can be performed.

Parameters

Parameter-Type Parameter Description
Http-Header Accept: text/html Set the JWT-Token as Cookie 'jwt_token'. default
Http-Header Accept: application/jwt Returns the JWT-Token within the body. No Cookie is set.
Http-Header Content-Type: application/x-www-form-urlencoded Expect the credentials as form encoded parameters. default
Http-Header Content-Type: application/json Take the credentials from the provided json object.
Post-Parameter username The username
Post-Parameter password The password
Config-Parameter success-url The url to redirect on success (default /)

Possible Return Codes

Code Meaning Description
200 OK Successfully authenticated
403 Forbidden The Credentials are wrong
400 Bad Request Missing parameters
500 Internal Server Error Internal error, e.g. the login provider is not available or failed
303 See Other Sets the JWT as a cookie, if the login succeeds and redirect to the urls provided in redirectSuccess or redirectError

Hint: The status 401 Unauthorized is not used as a return code to not conflict with an Http BasicAuth Authentication.

Example:

Default is to return the token as Content-Type application/jwt within the body.

curl -i --data "username=foo&password=bar" http://127.0.0.1:6789/login
HTTP/1.1 200 OK
Content-Type: application/jwt
Date: Fri, 11 Feb 2022 21:32:27 EST
Content-Length: 100
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb28ifQ.wlTUsPIX9A5guOq0TrsoFXWDdeX-gI1auvmIuiWq7VE

Example: Credentials as JSON

The Credentials also could be send as JSON encoded.

curl -i -H 'Content-Type: application/json'  --data '{"username": "foo", "password": "bar"}' http://127.0.0.1:6789/login
HTTP/1.1 200 OK
Content-Type: application/jwt
Date: Fri, 11 Feb 2022 21:34:22 EST
Content-Length: 100
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb28ifQ.wlTUsPIX9A5guOq0TrsoFXWDdeX-gI1auvmIuiWq7VE

Example: web based flow with 'Accept: text/html'

Sets the jwt token as cookie and redirects to a web page.

curl -i -H 'Accept: text/html' --data "username=foo&password=bar" http://127.0.0.1:6789/login
HTTP/1.1 303 See Other
Location: /
Set-Cookie: jwt_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJmb28ifQ.wlTUsPIX9A5guOq0TrsoFXWDdeX-gI1auvmIuiWq7VE; HttpOnly

Provider

Osiam

To start loginsrv against the default osiam configuration on the same machine, use the following example.

loginsrv --jwt-secret=jwtsecret --text-logging -backend 'provider=osiam,endpoint=http://localhost:8080,clientId=example-client,clientSecret=secret'

Then go to http://127.0.0.1:6789/login and login with admin/password.

About

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages