Simple SSO
A homemade SSO system for your side projects.
Endpoints
-
GET /authenticate
: Authenticates the incoming request and returns 200 if the request is valid, 403 otherwise. It can be used to authenticate session cookies or access tokens. Headers:X-Auth-Access-Token
orX-Auth-Cookie-Token
If the request was successful, the response contains:X-Auth-User
as the login nameX-Auth-User-Email
as the user's emailX-Auth-User-Name
as the user's name
-
GET /login[?redirect=<redirect url>]
: Returns the HTML login form. -
POST /login[?redirect=<redirect url>]
: Validates the user credentials for the form and sets the session cookiessso-session
. If the redirect parameter is set, it will return 302 to the redirect url. -
POST /logout
: Invalidates the current opened session. -
GET /me
: Returns the HTML page containing user's information. Can also return the JSON representation for API calls. -
POST /me
: Updates passwords, creates and deletes API Tokens. -
GET /api/users/<login name>
: An internal (not public) API for retrieving user information.
Backend
A Postgres database containing:
users
table: Contains the user information.sessions
table: Contains the opened user sessions.access_tokens
table: Contains valid personal access tokens.
Configuration
All parameters must be defined using environment variables:
SSSO_DB_HOST
: Database hostSSSO_DB_PORT
: Database portSSSO_DB_NAME
: Database nameSSSO_DB_USERNAME
: Database usernameSSSO_DB_PASSWORD
: Database passwordSSSO_KEY
: Base64 encoded key for encrypt/decrypt textSSSO_DOMAIN
: Cookie domain, where the cookie is validLOG_LEVEL
: Log level, defaultinfo
.
Creating a encryption key
Use $ bin/ssso generate-key
. The output is base64 encoded.
Passwords
Passwords are stored using the algorithm BCrypt. To insert a new user,
use $ bin/ssso insert-user
and follow the instructions.
Nginx
This application is intended to be deployed behind a nginx server (u other http server that allows access control). See the nginx config file for an example.
Testing
Use docker compose to start all components and add to your /etc/hosts
:
127.0.0.1 localhost-test.com ssso.localhost-test.com a.localhost-test.com b.localhost-test.com
TODO
- Clean up the code
- Add some neat CSS
- Add user registration