1 unstable release

0.0.0 Aug 7, 2023

#26 in #iam

EUPL-1.2

7KB

WitchAuth

Small IAM server.

Why?

WitchAuth is currently an excersize but I believe its best to have a target. In that scope, this project tries to empower small communities and groups to have an identity provider for easy management and better security through SSO.

I believe this can be achieved by chasing two buzzwords:

  • Easy to deploy: Trivial to run in a container or as a system service (supervised by s6, systemd etc.)
  • Easy to manage: Uses SQLite to remove database administration work. Stream it with litestream and restart the service when needed.

Roadmap

  • Passable OIDC support with minimum JWT nonsense

    • OAuth 2.0
    • OIDC Core
    • OIDC Discovery
  • At least bare minimum security effort

    • Somewhat basic login page protection
    • TOTP
    • WebAuthn maybe?
  • Smooth Management

    • Easy to admin via CLI
    • Easy to admin via API
    • Easy to admin via a basic panel
  • Alternative storage?

    • PostgreSQL?
    • FoundationDB?

Future Work

HSM (yubihsm maybe?) and/or Vault support would be really nice.

SAML? (oh god please no)

Dependency Tracking

Things to look for in the project's dependencies

  • Check when rsa uses crypto-bigint

    • Will take some time, AFAIK DynResidue and its friends aren't up to task.
  • Find a way to get rid of ahash

License

Copyright (C) 2023 Aydin Mercan <aydin@mercan.dev>

This repository is licensed under the EUPL 1.2.
The English version of the text is included in the LICENSE file.
Please refer to https://joinup.ec.europa.eu/community/eupl/og_page/eupl for more information.

No runtime deps