Auth service with Multi-Factor Authentication (MFA), permission management, and token-based access. It supports user login, registration, and secure access to applications.
- User Authentication: Login and Registration functionalities.
- Access & Refresh Tokens: Secure token-based authentication.
- Multi-Factor Authentication (MFA): Supports OTP and email-based verification codes.
- Permission Logic: Granular control over user permissions.
- Redis
- PostgreSQL
- SQLAlchemy
Ensure you have the following installed:
- Docker & Docker Compose
- Git
- Maketools
- Clone the Repository
git clone https://github.com/KERELKO/auth-service
cd auth-service
- Create .env file based on .env.example
cat .env.example > .env
- Build and run docker containers
docker compose up --build
OTP MFA requires any authenticator (e.g. Google Authenticator).
To pass MFA with an email code, set APP_EMAIL_ADDRESS in the .env file (you can use your own Google email address).
For this to work, turn on 2-Step Verification, create an app password, and paste that password into APP_EMAIL_PASSWORD in the .env file.
To test OAuth2.0, register the app with GitHub or Google and have a public HTTPS URL that can serve as the redirect_uri for the OAuth2.0 provider.
Google OAuth2.0 documentation
GitHub OAuth2.0 documentation
After registering the application with your chosen service, you will receive a Client ID and a Client secret. Copy these values and add them to the .env file:
GOOGLE_CLIENT_ID=google_client_id
GOOGLE_CLIENT_SECRET=google_client_secret
GITHUB_CLIENT_ID=github_client_id
GITHUB_CLIENT_SECRET=github_client_secret
Install tunnelmole and run it with
tmole 8000
You will see public HTTP and HTTPS URLs.
Take the HTTPS URL, append the /oauth/callback suffix, and paste the result into OAUTH_REDIRECT_URI in the .env file.
Run the application
docker compose up
In the browser, open <tmole https url>/oauth/login?provider=(google or github) and complete the OAuth2.0 flow.
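A pre-flight check for the OAuth2.0 settings described above, as an added example that is not part of the auth-service code base: it parses .env text and reports client credentials that are still the README placeholders and a redirect URI that is not HTTPS or lacks the /oauth/callback suffix. The function names and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Placeholder values exactly as the README's .env snippet shows them.
PLACEHOLDERS = {"google_client_id", "google_client_secret",
                "github_client_id", "github_client_secret"}
PROVIDER_KEYS = {
    "google": ("GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"),
    "github": ("GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"),
}


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_oauth_env(env, provider):
    """Return a list of problems for provider 'google' or 'github'."""
    problems = []
    for key in PROVIDER_KEYS[provider]:
        value = env.get(key, "")
        if not value or value in PLACEHOLDERS:
            problems.append(f"{key} is empty or still the placeholder")
    uri = urlsplit(env.get("OAUTH_REDIRECT_URI", ""))
    if uri.scheme != "https" or not uri.netloc:
        problems.append("OAUTH_REDIRECT_URI must be an https URL with a host")
    if not uri.path.endswith("/oauth/callback"):
        problems.append("OAUTH_REDIRECT_URI must end with /oauth/callback")
    return problems


# Constructed sample input, not a real configuration.
SAMPLE_ENV = """\
GITHUB_CLIENT_ID=Iv1.constructed-id
GITHUB_CLIENT_SECRET=github_client_secret
OAUTH_REDIRECT_URI=http://example-tunnel.invalid/oauth/callback
"""

if __name__ == "__main__":
    for problem in check_oauth_env(parse_env(SAMPLE_ENV), "github"):
        print("FAIL:", problem)
```

To check a real file, pass its contents to parse_env, for example parse_env(open(".env").read()).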
At the moment the app does not expose a web API and can be tested only with pytest or with mock FastAPI endpoints for OAuth2.0.
All implemented features are tested in the tests folder.
Run all tests (including those that expect input from the user)
make tests
Run auto tests
make auto-tests
If you want to run a specific test
make shell
pytest tests/.../test_you_want_to_run.py
# MFA tests with OTP
pytest tests/usecases/interactive/test_mfa_with_otp.py
# MFA tests with email code
pytest tests/usecases/interactive/test_mfa_with_email_code.py
See the Makefile for all available Make commands.
- Implement MFA with Security Token, Fingerprint
- Implement use cases for:
- Reset password
- Forgot password
- Application OAuth2.0 interface
- Integrate roles to permissions logic
- Extend notification services with PushNotificationService
- FastAPI endpoints for use cases
- Add email verification
- Celery/Taskiq for notification services