fossapps / micro.auth Goto Github PK
View Code? Open in Web Editor NEWAuthentication in a container (Ready for alpha test)
Home Page: https://fossapps.github.io/Micro.Auth/
License: MIT License
micro.auth's People
Watchers
micro.auth's Issues
I know this .Result is a very bad idea (converting from async to sync)
security: stop timing attacks
while we're using bcrypt to do the hashing, I want to add extra layer of security,
whenever a user enters wrong password, I want to delay the response by LoginAttempts seconds before responding with a login failed.
This also solves bruteforcing issue. (Lockout already solved it, but this will be extra layer of security)
this might not be accurate behind a load balancer, so we might have to get X-For...
use graphql-dotnet federation
Currently I had to enable federation on my own. graphql-dotnet library should eventually enable federation.
If that's ready, update the package. remove custom implementation and use the library's implementation.
see if we need to migrate to jwk format
the jwt debugger must work & the keystore should also work :), there should be no breaking change for existing applications.
provide both ways to authenticate
currently only way to login or refresh a token is through REST endpoint which forces those routes to be public.
However, creating a mutation for login and refresh token would clear that and we could simply federate those two.
While the REST api still needs to be available, this wouldn't be a breaking change.
revamp structure
right now everything is on authentication controller, since this is a auth project, we can easily have multiple domains, need to create a signup domain, login domain, reset password domain, change password, etc.
remove swagger package
git hooks
improvements, federation, potential refactoring
add an sdk
all the setup for auth should be done in client, so that it's easy,
can even add KeyStore dependency directly, so that resolving that also can be done from right there,
and lastly RequirePermission attribute can also be implemented right there.
Version 2.0.0 coming soon
I'm sure no one is using this just yet, but in case anyone needs info,
I'm planning to release a major change which will be available in v2,
this change will remove a lot of endpoints and introduce GraphQL,
only login and refresh endpoints will stay, rest of them will be GraphQL.
Expect apollo federation support as well.
Development will happen in gql branch
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.