A simple passwordless authentication middleware that uses only email as the authentication provider

Overview

email auth

A simple passwordless authentication middleware that uses only email as the authentication provider.

Motivation

I wanted to restrict access to a simple HTTP service for certain users without the hassle of managing their passwords. Did not have LDAP server, SSO or OAuth 2.0 service where their identity would be already managed. Using Basic authentication was not an option, because I would need to create a password for every single user and give it to them.

I created this simple service that prompts for a user's email, checks it against a whitelist, and then sends a login link to the provided email. Once this login link is visited, the user is granted access for a certain amount of time. Previously mentioned authentications should be used whenever available. This project is just for the sake of simplicity and minimal overhead for its users and also developer, for the applications where email communication can be trusted to grant tokens.

Features

  • Passwordless authentication.
  • Manage access per email or per domain.
  • Plug & Play - you only need to provide access to SMTP server.
  • Easy HTML template customization.
  • Optional Redis support.
  • Optional API access using HTTP Basic Auth.

Getting started

You can find docker images on Github Package Registry.

services:
  email-auth:
    image: ghcr.io/m1k1o/email-auth:1.0
    environment:
      CFG_APP_URL: "https://127.0.0.1/auth"
      CFG_EMAIL_HOST: "smtp4dev"
      CFG_REDIS_ENABLED: "true"
      CFG_REDIS_HOST: "redis"
    ports:
     - "8080:8080"

You can copy config.yaml and modify, then mount it to ./config.yaml:/app/config.yaml.

Or you can set data using environment variables. They must start with CFG_, all upercase and muliple levels joined by _. E.g. CFG_APP_URL is key url located in section app inside the config file.

If you visit /verify URL, you get HTTP 200 (+ header with username, if specified in config) for logged in users, otherwise HTTP 307 redirect to app URL. For all other URLs that you visit, you get the login page. That means, any path prefix is accepted and you can have your login page at the /auth endpoint.

Example with traefik

  • Download docker-compose.yaml. Run docker-compose up -d.
  • Navigate to https://127.0.0.1/protected, you will be prompted to enter your email. Only @test.com domain is permitted.
  • After requesting login link, open http://127.0.0.1:5000 in new tab to receive test emails.
  • Visit the link you received in your email.
  • You will be redirected to the originally accessed service.

Screenshots

You can easily customize both page and email template in ./tmpl folder.

Login page

Login page

Login link received via email

Email

Login confirmation

Or HTTP redirect to accessed service based on HTTP Referer.

Logged in

Releases(v2.0.0)
Owner
Miroslav Šedivý
Miroslav Šedivý
Handle Web Authentication for Go apps that wish to implement a passwordless solution for users

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

Duo Labs 859 Jun 24, 2022
Handle Web Authentication for Go apps that wish to implement a passwordless solution for users

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

null 6 Jun 14, 2022
simple-jwt-provider - Simple and lightweight provider which exhibits JWTs, supports login, password-reset (via mail) and user management.

Simple and lightweight JWT-Provider written in go (golang). It exhibits JWT for the in postgres persisted user, which can be managed via api. Also, a password-reset flow via mail verification is available. User specific custom-claims also available for jwt-generation and mail rendering.

Max 25 May 18, 2022
fiber api key authentication middleware

fiber-key-auth Secure your fiber endpoints using API keys. Report Bug · Request Feature Table of Contents About The Project Built With Getting Started

Ben 4 Feb 15, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Dinesh Bhattarai 0 Jan 30, 2022
Authelia: an open-source authentication and authorization server providing two-factor authentication

Authelia is an open-source authentication and authorization server providing two

Streato 0 Jan 5, 2022
Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Paul Greenberg 432 Jun 25, 2022
A dead simple, highly performant, highly customizable sessions middleware for go http servers.

If you're interested in jwt's, see my jwt library! Sessions A dead simple, highly performant, highly customizable sessions service for go http servers

Adam Hanna 65 May 4, 2022
Gets Firebase auth tokens (for development purposes only)Gets Firebase auth tokens

Firebase Token Gets Firebase auth tokens (for development purposes only) Getting started Create Firebase project Setup Firebase authentication Setup G

MousyBusiness 1 Nov 17, 2021
This package provides json web token (jwt) middleware for goLang http servers

jwt-auth jwt auth middleware in goLang. If you're interested in using sessions, checkout my sessions library! README Contents: Quickstart Performance

Adam Hanna 217 Jun 7, 2022
:closed_lock_with_key: Middleware for keeping track of users, login states and permissions

Permissions2 Middleware for keeping track of users, login states and permissions. Online API Documentation godoc.org Features and limitations Uses sec

Alexander F. Rødseth 458 Jun 24, 2022
fastglue-csrf implements CSRF middleware for fastglue.

fastglue-csrf Overview fastglue-csrf implements CSRF middleware for fastglue.

Joe Paul 13 Jan 5, 2022
ACL, RBAC, ABAC authorization middleware for KubeSphere

casbin-kubesphere-auth Casbin-kubesphere-auth is a plugin which apply several security authentication check on kubesphere via casbin. This plugin supp

Casbin 4 Jun 9, 2022
OAuth 2.0 middleware service for chi (ported from gin by community member)

oauth middleware OAuth 2.0 Authorization Server & Authorization Middleware for go-chi This library was ported to go-chi from https://github.com/maxzer

go-chi 13 Jun 4, 2022
Auth Middleware for session & white-listed routing

Auth Middleware for session & white-listed routing

Joe Gasewicz 2 Nov 4, 2021
JWT and Permission Middleware with MongoRPC

JWT and Permission Middleware with MongoRPC

mongorpc 1 Nov 19, 2021
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to

Sanad Haj Yahya 374 Jun 21, 2022
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

Goth: Multi-Provider Authentication for Go Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applic

Mark Bates 3.7k Jun 27, 2022
Simple authentication and books management with GoFiber

Simple authentication and books management with GoFiber Simple authentication system with gofiber. Endpoints GET /api - Welcome message POST /api/auth

Arif Amir 9 Apr 30, 2022