Skip to content

virtualzone/jwt-auth-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits

docs

docs

 
 

example

example

 
 

hooks

hooks

 
 

res

res

 
 

src

src

 
 

test

test

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.readthedocs.yml

.readthedocs.yml

 
 

Dockerfile

Dockerfile

 
 

Dockerfile.arm32v6

Dockerfile.arm32v6

 
 

Dockerfile.arm32v7

Dockerfile.arm32v7

 
 

Dockerfile.arm64v8

Dockerfile.arm64v8

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

VERSION

VERSION

 
 

diagram.png

diagram.png

 
 

mkdocs.yml

mkdocs.yml

 
 

multi-arch-manifest.template.yaml

multi-arch-manifest.template.yaml

 
 

multi-arch-manifest.yaml

multi-arch-manifest.yaml

 
 

run.sh

run.sh

 
 

Repository files navigation

JWT Auth Proxy

This JWT Auth Proxy is a lightweight authentication proxy written in Go designed for use in Docker/Kubernetes environments.

JWT Auth Proxy

JWT Auth Proxy sits between your frontend and your application's backend, handles authentication, and proxies authenticated requests to your backend. It offers REST APIs and logic for signup (incl. double-opt-in), password reset ("forgot my password") and verified email address change. This way, your application's backend can focus on the actual business logic, while relying on secure authentication having been performed before.

To your application's backend, the JWT Auth Proxy provides an mTLS-secured REST API for modifying user objects and storing custom data per user.

JWT Auth Proxy uses short-lived JWT access tokens (HMAC-signing with SHA-512) and long-lived UUIDv4 refresh tokens for securely retrieving new access tokens before the old one expires. It supports Two-Factor Authentication (2FA) via Time-based One-Time passwords (TOTP).

Features

User-facing

  • Easy-to-use REST API for
    • Signup with double-opt-in
    • Login (with TOTP optionally)
    • Logout
    • Password reset (forgot password)
    • Email address change with double-opt-in
    • JWT access token renewal using long-lived refresh tokens
    • Activate and disable Two-Factor Authentication (2FA, TOTP)
  • Proxy authenticated requests to your application's backend
  • Whitelist backend URLs not requiring authentication (or blacklist)

Application-/Backend-facing

  • mTLS encrypted connecting (mutual TLS)
  • Easy-to-use REST API for
    • Create user
    • Delete user
    • Disable/enable user
    • Check password
    • Set password
    • Set email address
    • Store and retrieve custom per-user data (JSON)

Example

There is a little sample application in the example folder. It consists of the JWT Auth Proxy, a React-based web frontend and a Go-based application backend. It also contains a MongoDB instance and an instance of the Mailhog fake SMTP server.

To start the example:

git clone https://github.com/virtualzone/jwt-auth-proxy.git
cd jwt-auth-proxy/example
docker-compose up -d

Access the frontend at: http://localhost:8080

To access the Mailhog frontend and check for your signup mail: http://localhost:8025

Documentation

https://jwt-auth-proxy.readthedocs.io

About

A lightweight JWT authentication proxy written in Go designed for use in Docker/Kubernetes environments.

Topics

docker kubernetes security jwt signup authentication proxy proxy-server totp jwt-authentication refresh-tokens security-provider jwt-server two-factor-authentication 2fa jwt-middleware auth-proxy jwtauth auth-provider proxy-auth

Resources

Readme

License

Apache-2.0 license
Activity

Stars

17 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

14 tags

Packages

No packages published

Languages