Authorization Server on sTEROIDs.
Asteroid is an OAuth2 server designed for performance, extensibility and maintainability. It benefits from the high performance and reliability of the Erlang Virtual Machine.
This project is no longer maintained and is not suitable for use in production. In particular, the identity backend (AttributeRepository) is buggy, does not support SQL databases and needs a major rewrite. Other components (such as object stores, crypto backend, ...) and the whole application would need some rewriting too.
It is unlikely the author will find time to work on this project in the future.
Asteroid supports the following specifications:
- OAuth2:
  - The OAuth 2.0 Authorization Framework (RFC6749)
  - The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC6750) with APIacAuthBearer
  - OAuth 2.0 Token Introspection (RFC7662)
  - OAuth 2.0 Token Revocation (RFC7009)
  - Proof Key for Code Exchange by OAuth Public Clients (RFC7636)
  - OAuth 2.0 Dynamic Client Registration Protocol (RFC7591)
  - OAuth 2.0 Authorization Server Metadata (RFC8414)
  - OAuth 2.0 Device Authorization Grant (RFC8628)
  - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens (draft-ietf-oauth-access-token-jwt-00)
- OpenID Connect:
Asteroid strives to fully implement the specifications. For specifics about support, refer to the documentation.
The demo_auth_workflow branch implements two flows. Refer to the documentation for more information.
First, install Elixir. Then clone this repository and launch Asteroid:
    git clone https://github.com/tanguilp/asteroid.git
    cd asteroid/
    mix deps.get
    iex -S mix phx.server
You can build documentation using mix:
    mix docs

The documentation is generated in the doc/ folder.
It is also published here.
It contains information related to the use of the test application in the "Running the demo app" section.