Provides a REST API for user authentication with JWT.
ToDo
- Implement user deletion endpoint
Build with:
docker build -t auth-provider .
You can also use the prebuilt jonasmusall/auth-provider image (just replace the image name auth-provider with jonasmusall/auth-provider in the following commands).
To run the server using Docker, first generate the JWT keys and an empty database:
docker run --rm -v $PWD/certs:/app/package/certs -u $(id -u):$(id -g) auth-provider scripts/keygen-jwt.sh
This creates a certs folder in the current directory and mounts it inside of the container running the auth-provider image you built. The keygen-jwt.sh script now generates the JWT keys and places them in that folder so they can be used later when actually running the server.
docker run --rm -v $PWD/db:/app/package/prisma/db -u $(id -u):$(id -g) auth-provider npm run prisma-deploy
Here we tell Docker to create and mount a db folder and run npm run prisma-deploy inside of the container, invoking the Prisma CLI to create an empty database.
The second command can also be used to migrate to a new version of auth-provider where the database schema has changed.
After these setup steps, the server can be started with the following command (specify what IP and port you want it to listen to):
docker run -v $PWD/certs:/app/package/certs -v $PWD/db:/app/package/prisma/db -p [<ip>:]<port>:8889 -u $(id -u):$(id -g) --name auth-provider auth-provider
If you want to configure the server inside of the docker container to change parameters such as the token lifetime, mount a config.json file in the container by adding -v <path to config file>:/app/package/config.json to the flags of the command above. The config.json file may include the following fields:
{
userNameAllowedRegEx: string,
userNameReservedRegEx: string,
tokenLifetime: number // in seconds
}
Create a new user.
{
password: string
}
User created. No reply body.
Username malformed.
{
statusCode: 400,
error: 'Bad Request',
message: 'Username malformed'
}
Username unavailable (already in use, reserved or not allowed).
{
statusCode: 409,
error: 'Conflict',
message: 'Username unavailable'
}
Request a JWT for user authentication.
{
password: string
}
Reply
JWT has been created and signed.
{
token: string,
expiresAt: number
}
User not found or password incorrect.
{
statusCode: 404,
error: 'Not Found',
message: 'User not found or password incorrect'
}
Change a user's password.
{
password: string,
newPassword: string
}
Reply
Password has been changed. No reply body.
User not found or password incorrect.
{
statusCode: 404,
error: 'Not Found',
message: 'User not found or password incorrect'
}
Delete a user. Not implemented yet.
{
password: string
}
Reply
User has been deleted. No reply body.
User not found or password incorrect.
{
statusCode: 404,
error: 'Not Found',
message: 'User not found or password incorrect'
}
Retrieve the PEM encoded public RSA key used to sign all JWTs.
Reply (200 OK)
{
publicKey: string
}
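A service that relies on these tokens can check them offline against the published PEM key. The following is an added example, not part of auth-provider: it assumes the tokens are RS256-signed and carry a standard exp claim (the page states neither), and it uses a constructed throwaway key pair and the hypothetical helpers verifyToken and makeSample instead of calling the server.

```javascript
// Added example, not auth-provider code. Assumes RS256 tokens with a standard `exp` claim.
const crypto = require('node:crypto');

const decodePart = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify a JWT against the PEM public key; returns the payload or throws.
function verifyToken(token, publicKeyPem, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [headerB64, payloadB64, signatureB64] = parts;

  // Pin the algorithm: a verifier that trusts the header's alg can be downgraded (e.g. "none").
  if (decodePart(headerB64).alg !== 'RS256') throw new Error('unexpected alg');

  const signed = Buffer.from(`${headerB64}.${payloadB64}`);
  const signature = Buffer.from(signatureB64, 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, publicKeyPem, signature)) throw new Error('bad signature');

  // Read claims only after the signature check has passed.
  const payload = decodePart(payloadB64);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) throw new Error('token expired');
  return payload;
}

// Constructed sample data: builds a token the way a server would, for the demo only.
function makeSample(alg, claims, privateKeyPem) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  const sig = alg === 'RS256'
    ? crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem)
    : Buffer.alloc(0); // unsigned token, used to show the alg pin rejecting it
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Throwaway key pair standing in for the keys produced by keygen-jwt.sh.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

const demoToken = makeSample('RS256', { sub: 'alice', exp: Math.floor(Date.now() / 1000) + 60 }, privateKey);
console.log(verifyToken(demoToken, publicKey));
```

In a real deployment the PEM string would come from the public key reply shown above, fetched once and cached rather than requested per token.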