curveball/a12n-server

Project status update

This project is being retired. I'm keeping this repository online so security bugs can be fixed, but new projects should no longer rely on this.

At the time this project was created, the space wasn't quite as crowded as it is now, and this project never hit a level of popularity or contributions to justify continuing to work on it.

If you were a user or contributor in the past, thank you for your support! I hope you're not too frustrated by this decision.

If you are looking for a similar project, I recommend checking out Keycloak, which is a very mature and feature-rich authentication server. The OAuth2 website also has a list of implementations.

Intro

a12n is short for "authentication".

a12n-server is a simple authentication server that implements the OAuth2 and OpenID Connect standards. Its goal is to create a fast, lightweight server that can be quickly deployed on both dev machines and in production.

Requirements

  • Node.js > 18.x
  • MySQL, Postgres or SQLite

Try it out!

Get a test server by running:

mkdir a12n-server && cd a12n-server
npx @curveball/a12n-server

This will automatically create a configuration file and SQLite database in the current directory.

Then, just open http://localhost:8531/ to create your admin account. See Getting started for more ways to run the server.

Contributing or just curious about the code?

Run from source or run the codebase with Docker

🍭 Features

This project has been used in production since 2018 and continues to be actively maintained.

Instead of rolling your own authentication system, you get A LOT of features for free 🪄:

Supported Features and Details

User Management
  • Create, update, delete and list users with our User API
  • Password reset/recovery flow

Authentication Methods
  • Username/password login
  • Multi-factor authentication (MFA):
      • TOTP (Time-based One-Time Passcodes with Google Authenticator)
      • Email one-time codes
      • WebAuthN hardware keys

Authorization
  • Role-based access control (RBAC)
  • Groups and permissions management
  • Fine-grained access policies

OAuth2 Support
  • Multiple grant types (Authorization code, client credentials, etc)
  • Token introspection and revocation
  • PKCE for enhanced security
  • JWT access tokens (RFC 9068)

OpenID Connect
  • Standard OIDC configuration endpoints
  • Discovery document
  • JSON Web Key Sets (JWKS)
  • Multiple response types

Developer Experience
  • Browser-based admin UI
  • Browsable REST API with HTML and JSON responses
  • Signup and login views included

The server supports OAuth2 and OpenID Connect, with support for the following features and standards:

📂 Documentation