This project is actually a journey. This is a big evolution of the OAuth2 authorization server developed during my master thesis to an OpenID Connect authentication server. In this new version I expand the initial project in order to use JWT token embracing OpenID Connect protocol, all written in Kotlin based on Spring Boot 4.x and more over to the latest spring based oauth2.1/openid connect framework embedded in spring security 7+
Right now it is based, as said before to the latest version on spring oauth2/open id connect framework spring security 7+
API:
- Client Applications management
- roles management
- account management
- sign up: admin:signup scope is required
- welcome mail: admin:welcome scope is required
- email verification: admin:mail-verify scope is required
- reset password: admin:reset-password scope is required
- access_token/id_token customization via lambda, see here for more details
- MFA
- sms
- see here for more details
- Post login flow
- force to reset password
- back/front channel logout
- management api: custom actuator endpoint for more details look here
Storage:
- DynamoDB
- Redis:
- authorization code
- distributed session store
- distributed cache
- RSA key pair are created from KMS Customer Master Key stored on Dynamo, private key encrypted via KMS of course stored on Dynamo.
For more details please follow to this link readme.md
In order to build the application, you can use the build.sh script under managament-ui folder.
The docker-compose.yml file under the local folder cna be used to sin up a nginx exposed to the port 8085
To access to the application you can use the following link: http://local.management.vauthenticator.com:8085/secure/admin/index, please take care to have the local ip mapped to the local.management.vauthenticator.com in the host file.
The application configuration is very versatile and you can decide what persistence and key management provider to use AWS or not AWS native. For more details please refer to the detailed page here