Releases: tomkonidas/one-auth
Releases · tomkonidas/one-auth
Release list
v0.1.0
OneAuth v0.1.0
Initial release of OneAuth — a simple, database-free alternative to HTTP Basic Auth for Plug-based applications.
If your app just needs to sit behind a single account (a personal dashboard, an internal tool, an admin panel) without pulling in a full multi-user auth system, OneAuth gives you a real session-based login flow, configured with one username and password, no schema or migrations required.
Features
- Session-based login —
OneAuth.login/3,OneAuth.current_user/1, andOneAuth.logout/1for a normal login/logout flow instead of the browser's Basic Auth dialog - Signed, stateless sessions — session tokens are signed with
Plug.Crypto.MessageVerifierand support a configurable:max_session_age(defaults to 24 hours) OneAuth.Plug.LoadSession— loads and verifies the current session on every requestOneAuth.Plug.RequireAuth— protects routes and redirects unauthenticated requests to your login page, remembering where the user was headed- Safe redirects —
redirect_tohandling only accepts relative paths, guarding against open-redirect vulnerabilities - Constant-time credential checks — username and password comparisons use
Plug.Crypto.secure_compare/2 - Framework-agnostic — works with any
Plug-compatible app, including Phoenix
Getting started
def deps do
[
{:one_auth, "~> 0.1"}
]
endSee the README for setup and the Configuration guide for all available options.
Note
OneAuth is under active development. As a pre-1.0 release, APIs may change in future minor versions.