Savanni D'Gerinel 356395a503 | ||
---|---|---|
.. | ||
src | ||
tests | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTORS | ||
Cargo.lock | ||
Cargo.toml | ||
LICENSE | ||
readme.md | ||
shell.nix |
readme.md
Orizentic
Orizentic provides a library that streamlines token-based authentication, and a CLI tool for maintaining a database of tokens.
Credit
The name is a contraction of Auth(oriz)ation/Auth(entic)ation, and credit goes to Daria Phoebe Brashear.
The original idea has been debated online for many years, but the push to make this useful comes from Aria Stewart.
Tokens
Tokens are simple JWTs. This library simplifies the process by easily generating and checking JWTs that have only an issuer, an optional time-to-live, a resource name, a username, and a list of permissions. A typical resulting JWT would look like this:
{ iss = Savanni
, sub = health
, aud = "Savanni Desktop"
, exp = null
, nbf = null
, iat = 1499650083
, jti = 9d57a8d8-d11e-43b2-a4d6-7b82ad043994
, unregisteredClaims = { perms: [ "read", "write" ] }
}
The issuer
and audience
(or username) are almost entirely for human readability. In this instance, I issued a token that was intended to be used on my desktop system.
The subject
in this case is synonymous with Resource and is a name for the resource for which access is being granted. Permissions are a simple list of freeform strings. Both of these are flexible within your application and your authorization checks will use them to verify that the token can be used for the specified purpose.
CLI Usage
Library Usage
There are multiple errata for the documentation:
- There are, in fact, now two functions for saving and loading a database.
- An example for how to use the library is currently here for loading the database and here as part of the AuthMiddleware for an Iron server. I apologize for not writing this in more detail yet.
Language support
This library and application is only supported for Rust. Haskell and Go support has been discontinued, but can be revived if I discover folks have an interest. The token database is compatible across tools. See readmes in the language directory for usage information.
Future Haskell, Go, and other language versions of the library will be done through language bindings against the Rust utilities instead of through my previous clean-room re-implementations.
Nix installation
If you have Nix installed on your system, or you run NixOS, create this derivation:
orizentic.nix:
{ fetchFromGitHub }:
let src = fetchFromGitHub {
owner = "luminescent-dreams";
repo = "orizentic";
rev = "896140f594fe3c106662ffe2550f289bb68bc0cb";
sha256 = "05g7b0jiyy0pv74zf89yikf65vi3jrn1da0maj0k9fxnxb2vv7a4";
};
in import "${src}/default.nix" {}
At this time, you must have nixpkgs-19.03 defined (and preferably pointing to the 19.03 channel). I will parameterize this and update the instructions in the future.
I import this into my shell.nix with import ./orizentic.nix { inherit (pkgs) fetchFromGitHub; };
.
For a complete example, see my shell.nix file.
I have not bundled this application for any other distribution, but you should nave no trouble just building with just cargo build --release with Rust-1.33 and Cargo.