1 unstable release
0.0.0 | Aug 7, 2023 |
---|
#28 in #iam
7KB
WitchAuth
Small IAM server.
Why?
WitchAuth is currently an excersize but I believe its best to have a target. In that scope, this project tries to empower small communities and groups to have an identity provider for easy management and better security through SSO.
I believe this can be achieved by chasing two buzzwords:
- Easy to deploy: Trivial to run in a container or as a system service (supervised by s6, systemd etc.)
- Easy to manage: Uses SQLite to remove database administration work. Stream it with litestream and restart the service when needed.
Roadmap
-
Passable OIDC support with minimum JWT nonsense
- OAuth 2.0
- OIDC Core
- OIDC Discovery
-
At least bare minimum security effort
- Somewhat basic login page protection
- TOTP
- WebAuthn maybe?
-
Smooth Management
- Easy to admin via CLI
- Easy to admin via API
- Easy to admin via a basic panel
-
Alternative storage?
- PostgreSQL?
- FoundationDB?
Future Work
HSM (yubihsm maybe?) and/or Vault support would be really nice.
SAML? (oh god please no)
Dependency Tracking
Things to look for in the project's dependencies
-
Check when
rsa
usescrypto-bigint
- Will take some time, AFAIK
DynResidue
and its friends aren't up to task.
- Will take some time, AFAIK
-
Find a way to get rid of
ahash
License
Copyright (C) 2023 Aydin Mercan <aydin@mercan.dev>
This repository is licensed under the EUPL 1.2.
The English version of the text is included in the LICENSE file.
Please refer to https://joinup.ec.europa.eu/community/eupl/og_page/eupl for more information.