a12n-server, a lightweight OAuth2 server.
In mid 2018, I just quit a bad job and slowly started getting interested in building things again.
I started working on an application, and needed an OAuth2 server. I was looking for a lightweight open source OAuth2 server library for Node. There were some alternatives available, but they were either very bulky, didn’t use Typescript or didn’t feel like they had the right abstractions or polish. A side-quest was born!
Building my own server let me get a better grasp on Typescript itself, test some other ideas I was playing with and I wanted to get to a point where I could say I fully grasp OAuth2.
It was pretty simple, a headless OAuth2 server with some database tables for access tokens, clients and users.
Fast forward 4 years, and this project has slowly grown from a hobby side-project to what I believe should be a strong contendor for devs looking to not build registration, login but want to keep this on-premise.
The project is called a12n-server, and has the following features:
- Login, registration, Lost password.
- Runs on MySQL, PostgreSQL and Sqlite.
- An access control model.
- A browsable REST api, using HAL, HAL-Forms and HTML.
- A simple admin interface.
- OAuth2
- Supported grants:
client_credentials,authorization_codeandpassword. - OAuth2 discovery document.
- PKCE.
- OAuth 2 Token Introspection.
- JSON Web Key Sets.
- OAuth2 Token Revocation
- Supported grants:
- MFA
- Google Authenticator (TOTP).
- WebauthN / Yubikeys
- A simple, flat, permission model.
secret-token:URI scheme.
Demo
If you want to try it out, run the following:
mkdir a12n-server
cd a12n-server
npx @curveball/a12n-server
This creates a sqlite and .env in your current directory and starts the server.
You can browse around http://localhost:8531, but data persists so this
doubles as a dev environment.
Screenshots
Next steps
If you’re checking a12n-server, I would love to hear if it works for you, but especially if it doesn’t. Where did you get stuck?
The project also desperately needs a new name and look, but hopefully I’ll have some updates in the next few months.