Authentication Server is a modern OpenID Connect Provider for Node.js, implementing a broad range of OAuth 2.0 grant type flows. In addition, this project offers local authentication, allowing users to sign up, log in and even reset their passwords. This registration process is implemented using transactional emails and follows the latest security practices.
Contributions, feature requests and bug reports are always welcome. Be sure to head over to Contributing for a detailed guide on how to contribute.
First, Authentication Server is free to use and you can deploy it on your own servers as you wish. The OAuth 2.0 implementation is structured so that adding a custom Grant Type is straightforward. In addition, this project offers the following features:
- Fully featured OpenID Connect Provider
- OAuth 2.0 Multiple Response Types
- OAuth 2.0 Client Credentials Grant
- OAuth 2.0 Password Grant Type
- OAuth 2.0 Refresh Token Grant Type
- OAuth 2.0 Bearer Token Usage
- Custom OAuth Grant Type, implemented here
- Local authentication
- Transactional emails (user registration, password reset)
- Admin REST API with API Key
- Linking user accounts to a Discord user
- Basic SaaS support: adding subscriptions (aka licenses) to user accounts, with given expiry, using Admin API
You need to have Node.js along with MongoDB (can also be a separate instance) installed. We recommend the LTS release. After having successfully installed both applications, follow the steps below:
- Clone this repository or download the latest zip.
- Copy `config/production-example.json` to `config/production.json` and fill it properly (see below).
- Install dependencies: `npm install`.
- To run for development, open a new Terminal window and run `npm run watch-ts` to watch for file changes. Then execute `npm start` to start the application.
- To run for production, run `npm run build` and then `NODE_ENV=production npm start`.
- If you want to use `pm2`, run the following command: `NODE_ENV=production pm2 start dist/server.js --name "AuthServer"`
For a minimal working configuration, the following settings have to be changed in the `config/production-example.json` file:
- `mongo.url`: The URL to your MongoDB database instance.
- `mongo.user`: The username used to access the MongoDB database.
- `mongo.pass`: The password used to access the MongoDB database.
- `jwt.issuer`: The predefined `issuer` claim in the JSON Web Token (JWT).
- `api.key`: The API key in order to access the admin features, e.g. fetch user data.
- `email`: The SMTP server to relay the transactional emails such as user registration.
- `email.shouldSend`: Defines whether the emails should actually be sent or only opened in browser. Usually set to `false` in development mode.
- `discord`: The Discord bot credentials that link a user account with a respective Discord user.
- `redirects`: The frontend redirects that should be made after a process flow has finished, e.g. redirecting to a specific page after the email has been successfully verified.
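A pre-deployment check for the minimal settings listed above, as an added example that is not part of the project: it flags keys that are missing, left at the example file's value, or weak. The nested JSON layout, the 32-character API key threshold and all sample values are assumptions.

```javascript
// Added example, not project code. Key names are from the settings list above;
// the nested layout and every sample value below are constructed assumptions.
const REQUIRED_KEYS = ['mongo.url', 'mongo.user', 'mongo.pass',
  'jwt.issuer', 'api.key', 'email.shouldSend'];
const MIN_API_KEY_LENGTH = 32; // assumed threshold, not a project requirement

// Resolve a dotted path such as "mongo.url" against a nested object.
function getPath(obj, path) {
  return path.split('.').reduce(
    (node, key) => (node !== null && typeof node === 'object' ? node[key] : undefined),
    obj);
}

// Return findings for a config; an empty array means the minimal settings look filled in.
function auditConfig(config, exampleConfig, env = 'production') {
  const findings = [];
  for (const key of REQUIRED_KEYS) {
    const value = getPath(config, key);
    if (value === undefined || value === null || value === '') {
      findings.push(`${key}: missing or empty`);
    } else if (typeof value !== 'boolean' && value === getPath(exampleConfig, key)) {
      findings.push(`${key}: unchanged from production-example.json`);
    }
  }
  const apiKey = getPath(config, 'api.key');
  if (typeof apiKey === 'string' && apiKey !== '' && apiKey.length < MIN_API_KEY_LENGTH) {
    findings.push(`api.key: shorter than ${MIN_API_KEY_LENGTH} characters`);
  }
  if (env === 'production' && getPath(config, 'email.shouldSend') === false) {
    findings.push('email.shouldSend: false, emails are only opened in browser, not sent');
  }
  return findings;
}

// Constructed stand-in for production-example.json (not the real file contents).
const EXAMPLE = {
  mongo: { url: 'mongodb://localhost:27017/auth', user: 'user', pass: 'pass' },
  jwt: { issuer: 'https://auth.example.com' },
  api: { key: 'changeme' },
  email: { shouldSend: false },
};
// Constructed half-edited copy: database and issuer filled in, the rest untouched.
const HALF_EDITED = {
  ...EXAMPLE,
  mongo: { url: 'mongodb://db.internal.example:27017/auth', user: 'authsvc', pass: 'constructed-sample-pass' },
  jwt: { issuer: 'https://login.example.org' },
};

for (const finding of auditConfig(HALF_EDITED, EXAMPLE)) console.log(finding);
```

To use it on a real deployment, pass the parsed contents of `config/production.json` and `config/production-example.json` in place of the constructed objects.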
If you discover a bug in the authentication server, please search the issue tracker first. If it hasn't been reported, please create a new issue.
If you have a great idea to improve the authentication server, please search the feature tracker first to ensure someone else hasn't already come up with the same idea. If it hasn't been requested, please create a new request. While you're there, vote on other feature requests to let me know what is most important to you.
If you'd like to make your own changes, ensure your Pull Request is made against the `dev` branch.
Copyright (c) 2021 Nico Haenggi - Released under the MIT License