top | item 43516958

(no title)

dswbx | 11 months ago

Similar to Firebase it's multi-strategy based. You can use a combo of email/password or OAuth/OIDC (internally using https://github.com/panva/oauth4webapi) – currently there are 2 pre-configured (Google, Github), but it's easy to extend, so requests are welcome.

On the Authorization side, you can create roles and attach permissions to it. Those roles then get attached to users.

Claims are transported via JWT, you can configure its lifetime, secret and hashing. Currently it's stateless, meaning the token is not checked in a session store. But if there is demand, I'd prioritize adding this. I'm mainly exactly looking for feedback to prioritize next additions.

Hope this helps.

discuss

No comments yet.