A simple passwordless authentication middleware that uses only email as the authentication provider

email auth

A simple passwordless authentication middleware that uses only email as the authentication provider.

Motivation

I wanted to restrict access to a simple HTTP service for certain users without the hassle of managing their passwords. Did not have LDAP server, SSO or OAuth 2.0 service where their identity would be already managed. Using Basic authentication was not an option, because I would need to create a password for every single user and give it to them.

I created this simple service that prompts for a user's email, checks it against a whitelist, and then sends a login link to the provided email. Once this login link is visited, the user is granted access for a certain amount of time. Previously mentioned authentications should be used whenever available. This project is just for the sake of simplicity and minimal overhead for its users and also developer, for the applications where email communication can be trusted to grant tokens.

Features

  • Passwordless authentication.
  • Manage access per email or per domain.
  • Plug & Play - you only need to provide access to SMTP server.
  • Easy HTML template customization.
  • Optional Redis support.
  • Optional API access using HTTP Basic Auth.

Getting started

You can find docker images on Github Package Registry.

services:
  email-auth:
    image: ghcr.io/m1k1o/email-auth:1.0
    environment:
      CFG_APP_URL: "https://127.0.0.1/auth"
      CFG_EMAIL_HOST: "smtp4dev"
      CFG_REDIS_ENABLED: "true"
      CFG_REDIS_HOST: "redis"
    ports:
     - "8080:8080"

You can copy config.yaml and modify, then mount it to ./config.yaml:/app/config.yaml.

Or you can set data using environment variables. They must start with CFG_, all upercase and muliple levels joined by _. E.g. CFG_APP_URL is key url located in section app inside the config file.

If you visit /verify URL, you get HTTP 200 (+ header with username, if specified in config) for logged in users, otherwise HTTP 307 redirect to app URL. For all other URLs that you visit, you get the login page. That means, any path prefix is accepted and you can have your login page at the /auth endpoint.

Example with traefik

  • Download docker-compose.yaml. Run docker-compose up -d.
  • Navigate to https://127.0.0.1/protected, you will be prompted to enter your email. Only @test.com domain is permitted.
  • After requesting login link, open http://127.0.0.1:5000 in new tab to receive test emails.
  • Visit the link you received in your email.
  • You will be redirected to the originally accessed service.

Screenshots

You can easily customize both page and email template in ./tmpl folder.

Login page

Login page

Login link received via email

Email

Login confirmation

Or HTTP redirect to accessed service based on HTTP Referer.

Logged in

Owner
Miroslav Šedivý
Miroslav Šedivý
https://github.com/m1k1o/email-auth
Similar Resources

:closed_lock_with_key: Middleware for keeping track of users, login states and permissions

Permissions2 Middleware for keeping track of users, login states and permissions. Online API Documentation godoc.org Features and limitations Uses sec

Dec 31, 2022

fastglue-csrf implements CSRF middleware for fastglue.

fastglue-csrf Overview fastglue-csrf implements CSRF middleware for fastglue.

Jan 5, 2022

ACL, RBAC, ABAC authorization middleware for KubeSphere

casbin-kubesphere-auth Casbin-kubesphere-auth is a plugin which apply several security authentication check on kubesphere via casbin. This plugin supp

Jun 9, 2022

OAuth 2.0 middleware service for chi (ported from gin by community member)

oauth middleware OAuth 2.0 Authorization Server & Authorization Middleware for go-chi This library was ported to go-chi from https://github.com/maxzer

Dec 8, 2022

Auth Middleware for session & white-listed routing

Auth Middleware for session & white-listed routing

Nov 4, 2021

JWT and Permission Middleware with MongoRPC

JWT and Permission Middleware with MongoRPC

Nov 19, 2021

Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to

Dec 23, 2022

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

Goth: Multi-Provider Authentication for Go Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applic

Dec 29, 2022

Simple authentication and books management with GoFiber

Simple authentication and books management with GoFiber Simple authentication system with gofiber. Endpoints GET /api - Welcome message POST /api/auth

Nov 27, 2022
Comments
  • Login with pin

    Login with pin

    Let's say I open my emails on the phone and want to login on PC. I should get some PIN (4 - 6 numbers/letters) that I can type into that page.

    It should be only possible to do on that page - needs to store some extra cookie.

Related tags
Authentication & OAuth http middleware authentication email
Handle Web Authentication for Go apps that wish to implement a passwordless solution for users

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

Dec 30, 2022
Handle Web Authentication for Go apps that wish to implement a passwordless solution for users

WebAuthn Library This library is meant to handle Web Authentication for Go apps that wish to implement a passwordless solution for users. While the sp

Jan 1, 2023
simple-jwt-provider - Simple and lightweight provider which exhibits JWTs, supports login, password-reset (via mail) and user management.

Simple and lightweight JWT-Provider written in go (golang). It exhibits JWT for the in postgres persisted user, which can be managed via api. Also, a password-reset flow via mail verification is available. User specific custom-claims also available for jwt-generation and mail rendering.

Dec 18, 2022
fiber api key authentication middleware

fiber-key-auth Secure your fiber endpoints using API keys. Report Bug · Request Feature Table of Contents About The Project Built With Getting Started

Dec 14, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Aug 5, 2022
Authelia: an open-source authentication and authorization server providing two-factor authentication
 Authelia: an open-source authentication and authorization server providing two-factor authentication

Authelia is an open-source authentication and authorization server providing two

Jan 5, 2022
Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication
 Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Authentication Plugin for implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0, SAML Authentication

Jan 8, 2023
A dead simple, highly performant, highly customizable sessions middleware for go http servers.

If you're interested in jwt's, see my jwt library! Sessions A dead simple, highly performant, highly customizable sessions service for go http servers

Dec 19, 2022
Gets Firebase auth tokens (for development purposes only)Gets Firebase auth tokens

Firebase Token Gets Firebase auth tokens (for development purposes only) Getting started Create Firebase project Setup Firebase authentication Setup G

Nov 17, 2021
This package provides json web token (jwt) middleware for goLang http servers

jwt-auth jwt auth middleware in goLang. If you're interested in using sessions, checkout my sessions library! README Contents: Quickstart Performance

Dec 5, 2022