monorepo/orizentic
2023-10-03 17:59:55 -04:00

Orizentic

Documentation

Orizentic provides a library that streamlines token-based authentication, and a CLI tool for maintaining a database of tokens.

Credit

The name is a contraction of Auth(oriz)ation/Auth(entic)ation, and credit goes to Daria Phoebe Brashear.

The original idea has been debated online for many years, but the push to make this useful comes from Aria Stewart.

Tokens

Tokens are simple JWTs. This library simplifies the process by easily generating and checking JWTs that have only an issuer, an optional time-to-live, a resource name, a username, and a list of permissions. A typical resulting JWT would look like this:

{ iss = Savanni
, sub = health
, aud = "Savanni Desktop"
, exp = null
, nbf = null
, iat = 1499650083
, jti = 9d57a8d8-d11e-43b2-a4d6-7b82ad043994
, unregisteredClaims = { perms: [ "read", "write" ] }
}

The issuer and audience (or username) are almost entirely for human readability. In this instance, I issued a token that was intended to be used on my desktop system.

The subject in this case is synonymous with Resource and is a name for the resource for which access is being granted. Permissions are a simple list of freeform strings. Both of these are flexible within your application and your authorization checks will use them to verify that the token can be used for the specified purpose.
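
An authorization check of the kind described above, as an added example that is not orizentic's own code or API. The `Claims` struct, `Denied` enum and `authorize` function are hypothetical names, and the sketch assumes the JWT signature has already been verified. It handles the `exp = null` and `nbf = null` case from the sample token explicitly, since such a token never expires on its own.

```rust
// Added example: hypothetical types, not orizentic's API.
// Assumes the JWT signature was verified before these checks run.
#[derive(Debug, PartialEq)]
pub enum Denied { WrongResource, MissingPermission, Expired, NotYetValid }

pub struct Claims {
    pub sub: String,        // resource name (the JWT subject)
    pub exp: Option<u64>,   // None mirrors `exp = null`: no expiry
    pub nbf: Option<u64>,   // None mirrors `nbf = null`
    pub perms: Vec<String>, // freeform permission strings
}

/// Allow the request only if the token is inside its validity window,
/// names this resource, and carries the required permission.
pub fn authorize(c: &Claims, resource: &str, perm: &str, now: u64) -> Result<(), Denied> {
    if let Some(exp) = c.exp {
        if now >= exp { return Err(Denied::Expired); }
    }
    if let Some(nbf) = c.nbf {
        if now < nbf { return Err(Denied::NotYetValid); }
    }
    // Exact, case-sensitive comparison: "Health" must not match "health".
    if c.sub != resource { return Err(Denied::WrongResource); }
    if !c.perms.iter().any(|p| p == perm) { return Err(Denied::MissingPermission); }
    Ok(())
}

/// Constructed sample matching the example token shown above.
pub fn sample() -> Claims {
    Claims {
        sub: "health".into(),
        exp: None,
        nbf: None,
        perms: vec!["read".into(), "write".into()],
    }
}

fn main() {
    let c = sample();
    let now = 1_700_000_000; // constructed "current time" in Unix seconds
    println!("{:?}", authorize(&c, "health", "read", now));
    println!("{:?}", authorize(&c, "health", "delete", now));
    println!("{:?}", authorize(&c, "finance", "read", now));
}
```

Because the sample token has no expiry, revoking it depends entirely on removing it from the token database rather than on the time check.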

CLI Usage

Library Usage

orizentic - Rust

There are multiple errata for the documentation:

Language support

This library and application are only supported for Rust. Haskell and Go support has been discontinued, but can be revived if I discover folks have an interest. The token database is compatible across tools. See readmes in the language directory for usage information.

Future Haskell, Go, and other language versions of the library will be done through language bindings against the Rust utilities instead of through my previous clean-room re-implementations.

Nix installation

If you have Nix installed on your system, or you run NixOS, create this derivation:

orizentic.nix:

{ fetchFromGitHub }:
let src = fetchFromGitHub {
        owner = "luminescent-dreams";
        repo = "orizentic";
        rev = "896140f594fe3c106662ffe2550f289bb68bc0cb";
        sha256 = "05g7b0jiyy0pv74zf89yikf65vi3jrn1da0maj0k9fxnxb2vv7a4";
    };
in import "${src}/default.nix" {}

At this time, you must have nixpkgs-19.03 defined (and preferably pointing to the 19.03 channel). I will parameterize this and update the instructions in the future.

I import this into my shell.nix with import ./orizentic.nix { inherit (pkgs) fetchFromGitHub; };.

For a complete example, see my shell.nix file.

I have not bundled this application for any other distribution, but you should have no trouble building with just cargo build --release with Rust-1.33 and Cargo.