lastlogin-io / obligator
Simple and opinionated OpenID Connect server designed for self-hosters
License: MIT License
Users need to be able to delete old identities and login history as desired
I have not done much digging into this project yet, but a suggestion I have after reading the readme file is in response to the blurb about sending a unique code to the email. The suggestion is to add a registration flow to confirm ownership of the email like you already are but then also allow linking that email to a FIDO2 token registration via WebAuthn, which is what passkeys use.
I suggest this because I use a variety of WebAuthn devices all the time now and I think that method of authenticating is much, much better than passwords and is more convenient than clicking on a link sent to your email, in my opinion. There are authenticator smartcards (my preference), USB tokens like YubiKeys and the open-source derivatives, and of course now Google and Apple passkeys supported by the trusted platform modules or HSMs on the new phones.
pull access denied for anderspitman/obligator, repository does not exist or may require 'docker login'
Actually testing your interesting software
At the moment it is not possible to use SMTP endpoints which require SSL/TLS encryption for sending mails (e.g. smtp.office365.com) with the docker image. Checked the code and in the struct there are no params for this use case.
It would be nice if this is possible.
Now that we're storing everything in JWTs, state isn't really doing anything, and it's optional https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
It is a pretty important feature for many within the auth / identity space. The only modern provider that seems to have support and documentation for "impersonation" is GoAuthentik - but I've not run through your full comparison table yet. Is that a feature you wouldn't mind adding to your comparison table?
Thanks!
By far the project most similar to obligator that I've found
Just need to return the requester's domain as the client_id and don't need to store anything
Don't see a good reason not to, and it offers some defense in depth. At least random apps on the user's machine won't be able to snoop all their logins
Should be safe as long as we don't have an open redirector
Currently the API is only offered through unix sockets. This reduces the chance that it accidentally gets exposed, which is important because it's not authenticated in any way.
Would you be open to embedding zero trust directly into the project via OpenZiti? OpenZiti allows you to have secure connectivity to the server from anywhere, via a zero trust overlay.
If that sounds interesting, I'd be happy to contribute a patch and if you're into it, demo it over on our YouTube channel too?
Currently using obligator_ as a prefix for all cookies. This should be controllable by the user as it is for the login key cookie