A standalone service to handle authentication and authorization.
User signup, authentication and authorization are integral parts of any SAAS product. When we kick start a new product development we can either use services like AWS cognito , Auth0 etc or build ourselves to achieve this, Even if we use external services we end up writing a wrapper. This service tries to implement the user authentication and authorization features needed for any application.
Service can be used as mentioned below
- Deploy as a standalone service for managing authentication and authorization
- Use it as a starting point for new product development and build new features on top of it.
Developers can customise this as per their requirement.
- Signup using phone number/email and password
- Login using phone number/email and password
- Signup using phone number/email and OTP (custom totp + message via sendgrid / twilio)
- Validating OTP
- Recaptcha v2 and v3 implementation
- Signup using google
- Authentication using JWT access token
- Ability to refresh the token
- Option to change password
- Managing groups
- Assign user to a group
- Manage permissions for different apis
- Assigning permissions to a group or individual user.
- Authorize a user based on their permissions(direct permissions and group permissions)
- Clone the repo and execute command
npm install
- Create a copy of the env.sample file and rename it as .env
- Install postgres and redis
- Provide postgres, redis secrets and default user details in .env file as mentioned below
Database configuration(Required) | |
---|---|
POSTGRES_HOST | localhost |
POSTGRES_PORT | 5432 |
POSTGRES_USER | postgres |
POSTGRES_PASSWORD | postgres |
POSTGRES_DB | auth_service |
Redis Cache configuration(Required) | |
---|---|
REDIS_HOST | localhost |
REDIS_PORT | 6379 |
REDIS_CACHE_TTL | 3600 |
REDIS_MAX_ITEM_IN_CACHE | 1000 |
Authentication Configuration(Required) | |
---|---|
OTP_SECRET | secret |
JWT_TOKEN_EXPTIME | 3600 |
JWT_REFRESH_TOKEN_EXP_TIME | 36000 |
ENV | local |
Other Configuration(Required) | |
---|---|
PORT | 4000 |
DEFAULT_ADMIN_PASSWORD | Should be atleast 10 characters |
Google social login Configuration(Optional) | |
---|---|
GOOGLE_CLIENT_ID | |
GOOGLE_SECRET | |
APP_URL | the URL of the application to which the redirect should happen |
Google recaptcha Configuration(Optional) | |
---|---|
RECAPTCHA_SECRET_KEY | secret |
RECAPTCHA_VERIFY_URL | https://www.google.com/recaptcha/api/siteverify |
MIN_RECAPTCHA_SCORE | Required for Recaptcha V3 |
OTP Sender Configuration(Optional) | |
---|---|
IS_TWILIO_INTEGRATED | false |
TWILIO_ACC_SID | required only if you are using any twilio service(sms sender or verify tool) |
TWILIO_AUTH_TOKEN | required only if you are using any twilio service(sms sender or verify tool) |
TWILIO_SENDING_NUMBER | required only if you are using any twilio service(sms sender or verify tool) |
OTP_VERIFY_TOOL | twilio or default |
TWILIO_VERIFY_SID | required only if otp verify tool is twilio |
SMS_INTEGRATION | twilio or aws |
OTP_WINDOW | 300 |
OTP_STEP | 1 |
- Run
npm run run-migrations
- Run
npm run start
- Service should be up and running in http://localhost:${PORT}.
- A default admin user with email [email protected] and password given in
DEFAULT_ADMIN_PASSWORD
will already be available in the application. This user will be associated to the defaultAdmin
group which will have the permissions to create/update permissions, create/update groups, create/update entities and update a user
We can ensure the health of the service by accessing http://localhost:${PORT}/auth/api/health.
Inorder to login by Google, access the following URL in browser http://localhost:4000/auth/api/google
GraphQL endpoint