A very simple Ruby IndieAuth authorization and token endpoint heavily inspired by Acquiescence.
Authmenace uses JSON Web Tokens to grant access to third-party websites that implement the IndieAuth standard. It therefore does not need any database.
Ensure Ruby 3.3.4 is installed. Then run:
cp .env.example .env
bundle install
bundle exec puma
Remember to edit your new .env file to set the GitHub details and private key for JWTs.
Since I originally built Authmenace for myself, I have only implemented GitHub as an authentication provider. However, I am more than happy for others to contribute extra providers that have corresponding Omniauth strategies.
To use the GitHub provider, you need to create a new OAuth app to receive a client ID and secret using the following steps:
- Go to https://github.com/settings/developers
- Click the "New OAuth App" button
- Give your application a name and homepage (you should set these to the name and homepage of your website)
- Set the authorization callback URL to
https://your.domain/auth/github/callback, whereyour.domainis the domain you're using to host Authmenace - Click the "Register application" button
- You will see a client ID - make a note of this
- Click the "Generate a new client secret" button
- Make a note of the client secret (it will not be shown again)
- Use these details to set the environment variables for the app
GITHUB_CLIENT_ID: the client ID of the GitHub OAuth appGITHUB_CLIENT_SECRET: the client secret of the GitHub OAuth appGITHUB_USERNAME: your GitHub username (only this username will be allowed to authenticate)JWT_PRIVATE_KEY: an ECDSA private key to use for signing generated JWTs
bundle exec rspec
Please open an issue on the GitHub repository for any bugs.
All contributions are welcome. Feel free to fork the original GitHub repository, make your changes and then open a Pull Request against the original GitHub repository. Alternatively, if you're not comfortable writing code, please open an issue.