Simple Auth

Simple-Auth is a designed to be an easy way to manage your site's users. Unlike large complex solutions, it aims to provide simple login and user-management to a small or medium site. It doesn't try to replace global authentication providers or enterprise user management (kerberos, active directory, etc...)

TIP

Looking to get started? See Quickstart

Features include:

• Local user management (create account, login, TOTP two-factor)
• Credential validation via API and OAuth2 / OIDC
• Reverse proxy to downstream service blocked by login (gateway)
• Per-request vouching (eg. for NGINX auth_request to act as a validator for login), to act as an authentication portal
• Same-domain/subdomain login provider via cookie validation
• Various API implementations to authenticate a user (Local username/password, third-party OIDC, etc)
• OpenID Connect Login (OIDC) eg. Google Auth
• Optional welcome email and email-verification
• Forgot/lost password
• Login/access-attempt auditing
• REST API to all underlying functionality
• Mobile friendly
• White-label deployment using customizations

Why Not...

There are plenty of other authentication providers out there. You can always roll your own or use another solution like Okta (opens new window), Gluu (opens new window) or Keycloak (opens new window). While these services are perfectly fine (they're great, infact), simple-auth tries to be simple. Our quickstart is incredibly short and the hosting modes allow zero-to-fully setup in less than 5 minutes.

Long story short, if you have the use case and time to look at another provider, please do! If you're looking for something simple and easy to get started with, simple-auth may be for you.

Concepts

Objects

At the root of the object representation sits the "Account". It is associated with a unique email. By itself, an account does not give access to login, it needs an authentication object associated with it.

graph TD A[Account] --> AA{User Authenticates} subgraph Authenticators AA --> B[Local Auth] B --> B2[TOTP/2FA] AA --> C[OAuth2] AA --> E[One-Time Auth] end A --> D[Audit Log]

By default, simple-auth is split into three layers:

1. Login Providers: The mechanisms that allow creating an account object, and how a user logs in. For example, a Local account or OIDC (OAuth2)
2. Authenticators (API): How dowstream apps can authenticate with simple-auth. Usually via API or requests
3. Access Layer: How web applications can authenticate with simple-auth

You can find more information on all three layers on the left. Not all 3 layers are required for a functional setup.

Next Steps

Try heading over to Quickstart and giving it a try!