Skip to content

waqasbhatti/authnzerver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

555 Commits

.github/workflows

.github/workflows

 
 

authnzerver

authnzerver

 
 

deploy

deploy

 
 

docs

docs

 
 

.dockerignore

.dockerignore

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

docker_entrypoint.sh

docker_entrypoint.sh

 
 

pyproject.toml

pyproject.toml

 
 

requirements.txt

requirements.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

test-requirements.txt

test-requirements.txt

 
 

versioneer.py

versioneer.py

 
 

Repository files navigation

Build Status Documentation Status

This is a small server meant to help add authentication (authn) and authorization (authz) to other HTTP servers. It's built using Tornado, SQLAlchemy, cryptography, argon2-cffi, python-diskcache, sortedcontainers, and uvloop.

I wrote it to help with the login/logout/signup flows for the Light Curve Collection Server and extracted much of the code from there. It builds on the auth bits there and is eventually meant to replace them. It can do the following things:

  • Handle user sign-ups, logins, logouts, and locks/unlocks.
  • Handle user email verification, password changes, forgotten password processes, and editing user properties.
  • Handle API key issuance and verification.
  • Handle access and rate-limit checks for arbitrary schemes of user roles, permissions, and target items. There is a default scheme of permissions and user roles, originally from the LCC-Server where this code was extracted from. A custom permissions policy can be specified as JSON.

Authnzerver talks to a frontend server over HTTP. Communications are secured with symmetric encryption using the cryptography package's Fernet scheme, so you'll need a pre-shared key that both Authnzerver and your frontend server know.

See the HTTP API docs for details on how to call Authnzerver from a frontend service.

See TODO.md for features that are planned for the future. See CHANGELOG.md for a version history.

More docs are available at Authnzerver's (in-progress) Read The Docs site.

Installation

Authnzerver is available at PyPI, but is very much a work in progress at the moment. Maybe hold off on installing it until we've reached v0.2 (beta).

With that said, it can be installed (preferably in a virtualenv) using pip:

(venv) $ pip install authnzerver

# use pip install authnzerver --pre for unstable releases

There's also a Docker container for authnzerver available on Docker Hub. The command below pulls the master branch version for now; stable versions will be added to Docker Hub later:

docker pull waqasbhatti/authnzerver:latest

Running the server

See the docs on how to configure the server with environment variables or command-line options, and run it either as a Docker container or as script executable from the Python package.

Quick start

If you have authnzerver installed as a Python package in an activated virtualenv:

authnzrv --autosetup --basedir=$(PWD)

If you're running it as a Docker container:

docker run -p 13431:13431 -v $(PWD):/home/authnzerver/basedir \
  --rm -it waqasbhatti/authnzerver:latest \
  --autosetup --basedir=/home/authnzerver/basedir

License

Authnzerver is provided under the MIT License. See the LICENSE file for details.

About

An authentication-authorization server built on Tornado.

Topics

python authentication authorization tornado

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

5 tags

Packages

No packages published

Languages