Skip to content

Releases: tomkonidas/one-auth

Release list

v0.1.0

Choose a tag to compare

@tomkonidas tomkonidas released this 14 Jul 14:51
7d16341

OneAuth v0.1.0

Initial release of OneAuth — a simple, database-free alternative to HTTP Basic Auth for Plug-based applications.

If your app just needs to sit behind a single account (a personal dashboard, an internal tool, an admin panel) without pulling in a full multi-user auth system, OneAuth gives you a real session-based login flow, configured with one username and password, no schema or migrations required.

Features

  • Session-based loginOneAuth.login/3, OneAuth.current_user/1, and OneAuth.logout/1 for a normal login/logout flow instead of the browser's Basic Auth dialog
  • Signed, stateless sessions — session tokens are signed with Plug.Crypto.MessageVerifier and support a configurable :max_session_age (defaults to 24 hours)
  • OneAuth.Plug.LoadSession — loads and verifies the current session on every request
  • OneAuth.Plug.RequireAuth — protects routes and redirects unauthenticated requests to your login page, remembering where the user was headed
  • Safe redirectsredirect_to handling only accepts relative paths, guarding against open-redirect vulnerabilities
  • Constant-time credential checks — username and password comparisons use Plug.Crypto.secure_compare/2
  • Framework-agnostic — works with any Plug-compatible app, including Phoenix

Getting started

def deps do
  [
    {:one_auth, "~> 0.1"}
  ]
end

See the README for setup and the Configuration guide for all available options.

Note

OneAuth is under active development. As a pre-1.0 release, APIs may change in future minor versions.