olibre / quid

JSON Web Tokens server

Quid

A JSON Web Tokens (JWT) server

Install and run

Download the latest release to run a binary or clone the repository to compile from source.

Check PostgreSQL

Quid expects PostgreSQL to listen on port 5432.

You can check the PostgreSQL status and port:

$ sudo service postgresql status
$ ss -nlt | grep 5432
LISTEN  0        244            127.0.0.1:5432           0.0.0.0:*

Create user and database

If you have not already created a privileged user, create one:

$ sudo -u postgres psql
postgres=# create user pguser with password 'my_password';
CREATE ROLE

Create the Quid database:

$ sudo -u postgres psql
postgres=# create database quid;
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE quid to pguser;
GRANT

You may replace the last statement above with:

postgres=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public to pguser;

Configure

  1. Create the default config file:

     ./quid -conf

  2. Edit the configuration file to set your database credentials:

     vim config.json

  3. Initialize the database and create an admin user:

     ./quid -init

Run

./quid

Go to localhost:8082 to log in to the admin interface:

xdg-open http://localhost:8082


Compile from source

cd quidui
npm install
npm run build
cd ..
go build

Run in dev mode

Request tokens

Request a refresh token and use it to request access tokens

Refresh token

A public endpoint is available to request refresh tokens for namespaces. A time to live must be provided in the URL. For example, /token/refresh/24h requests a refresh token with a 24h lifetime; the command below requests a 10m lifetime:

curl -X POST http://localhost:8082/token/refresh/10m          \
     -H 'Content-Type: application/json'                      \
     -d '{"namespace":"my_namespace","username":"my_username","password":"my_password"}'

Response:

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IzpXVCJ9..."}

Access token

A public endpoint is available to request access tokens for namespaces. A time to live must be provided in the URL. For example, /token/access/10m requests an access token with a 10-minute lifetime:

curl -X POST http://localhost:8082/token/access/10m           \
     -H 'Content-Type: application/json'                      \
     -d '{"namespace":"my_namespace","refresh_token":"zpXVCJ9..."}'

Response:

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IzpXVCJ9..."}

Note: if the requested duration exceeds the maximum authorized token time to live for the namespace, the request will be rejected.

Decode tokens

In Python:

import jwt  # PyJWT
payload = jwt.decode(token, key, algorithms=['HS256'])

Example payload:

{
    'namespace': 'my_namespace1', 
    'name': 'my_username', 
    'groups': ['my_group1', 'my_group2'], 
    'exp': 1595950745
}

exp is the expiration timestamp in Unix time format (seconds since 1970).

See also the python example
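
As an added example (not code from the Quid project), here are the checks a service consuming these access tokens would make on the payload shown above. It uses the standard library rather than PyJWT so it runs offline. The key, the function names and the sample token are constructed for illustration, and the use of namespace and groups for authorization is an assumption.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; stands in for the real signing key

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))  # restore padding

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(payload, key, alg="HS256"):  # constructed demo token, not a Quid response
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(payload).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body, key))}"

def verify_access_token(token, key, namespace, group, now=None):
    """Return the payload only if alg, signature, exp, namespace and group pass."""
    try:
        head, body, sig = token.split(".")
        header, signature = json.loads(b64d(head)), b64d(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        raise PermissionError("malformed token")
    # Pin the algorithm instead of letting the token header choose it
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(signature, sign(head + "." + body, key)):
        raise PermissionError("bad signature")
    payload = json.loads(b64d(body))
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise PermissionError("expired or missing exp")
    if payload.get("namespace") != namespace:
        raise PermissionError("wrong namespace")
    if group not in (payload.get("groups") or []):
        raise PermissionError("missing group")
    return payload

SAMPLE = {"namespace": "my_namespace1", "name": "my_username",
          "groups": ["my_group1", "my_group2"], "exp": 1595950745}

def reason(token, **kw):
    try:
        verify_access_token(token, KEY, **kw)
        return "ok"
    except PermissionError as err:
        return str(err)
```

A token is accepted only when every check passes; reason() returns the first failing check, which is useful when logging rejected requests.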

Client library

JavaScript client library: example usage

License: MIT License

Languages: Go 55.0%, Vue 32.7%, JavaScript 10.1%, Python 1.0%, CSS 0.6%, HTML 0.5%