#identity-management #iam #identity #session #role-based

yanked sontonio-iam

Delightfully simple Identity and Access Management for SMBs

11 releases

0.1.18-alpha.2 Jan 10, 2024
0.1.11 Jan 9, 2024

#26 in #iam

Download history 43/week @ 2024-07-25 1/week @ 2024-09-19 20/week @ 2024-09-26 11/week @ 2024-10-03

116 downloads per month

MIT license

16KB


Sontonio - IAM
Delightfully simple web essentials for SMBs

In open development. Not yet ready. Aiming for a basic version by end of January 2024.


Context

Happy New Year. It's 2024 and open source IAM still sucks for SMBs.

We call those reasons: JECK

JECK, the 4 IAM no-nos

  • JSON Web Tokens are used because they feel ergonomic for Javascript development. However, JWT's are insecure for session storage.
  • Enterprise-focused features because that's where the big money is.
  • Complex to implement because of too many features you don't use and terrible documentation.
  • Kludgeware is the final result. The software feels icky because if you try to please everyone, you end up delighting no one.

Why Another IAM Library?

  • Existing solutions go way beyond the essential problem complexity for simple SAAS web applications.
  • It's an interesting learning experience. Security is not simple and feedback is welcome. Disclose vulnerabilities responsibly.

Security

Core

  • Delightfully simple setup & deployment.
  • Multi-factor authentication (OTP + Hardware Key)
  • Allow users to reset their own passwords.
  • Location-based storage (For GDPR).
  • Cookie-based session storage.
  • Audit log.

FAQ

Q: Why no social login?

A: In short, because it's a mess. OAuth (Open Authorization) gets misused as an Authentication method and the responses from OAuth providers lack standardization. OIDC (OpenID Connect) further builds on top of OAuth and uses insecure JWT with their new (un)known risks.

License

Licensed under MIT

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the License, shall be licensed as above, without any additional terms or conditions.

Dependencies

~5–12MB
~123K SLoC