WitchAuth

Small IAM server.

Why?

WitchAuth is currently an excersize but I believe its best to have a target. In that scope, this project tries to empower small communities and groups to have an identity provider for easy management and better security through SSO.

I believe this can be achieved by chasing two buzzwords:

• Easy to deploy: Trivial to run in a container or as a system service (supervised by s6, systemd etc.)
• Easy to manage: Uses SQLite to remove database administration work. Stream it with litestream and restart the service when needed.

Roadmap

• Passable OIDC support with minimum JWT nonsense

  • OAuth 2.0
  • OIDC Core
  • OIDC Discovery

• At least bare minimum security effort

  • Somewhat basic login page protection
  • TOTP
  • WebAuthn maybe?

• Smooth Management

  • Easy to admin via CLI
  • Easy to admin via API
  • Easy to admin via a basic panel

• Alternative storage?

  • PostgreSQL?
  • FoundationDB?

Future Work

HSM (yubihsm maybe?) and/or Vault support would be really nice.

SAML? (oh god please no)

Dependency Tracking

Things to look for in the project's dependencies

• Check when rsa uses crypto-bigint

  • Will take some time, AFAIK DynResidue and its friends aren't up to task.

• Find a way to get rid of ahash

License

Copyright (C) 2023 Aydin Mercan <aydin@mercan.dev>

This repository is licensed under the EUPL 1.2.
The English version of the text is included in the LICENSE file.
Please refer to https://joinup.ec.europa.eu/community/eupl/og_page/eupl for more information.