Asteroid

Authorization Server on sTEROIDs.

Asteroid is an OAuth2 server designed for performance, extensibility and maintenability. It benefits from the high performances and reliability of the Erlang Virtual Machine.

Project status

This project is no longer maintained and is not suitable for use in production. In particular, the identity backend (AttributeRepository) is buggy, does not support SQL databases and needs a major rewrite. Other components (such as object stores, crypto backend, ...) and the whole application would need some rewriting too.

It is unlikely the author will find time to work on this project in the future.

Protocol support

Asteroid supports the following specifications:

• OAuth2:
  • The OAuth 2.0 Authorization Framework (RFC6749)
  • The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC6750) with APIacAuthBearer
  • OAuth 2.0 Token Introspection (RFC7662)
  • OAuth 2.0 Token Revocation (RFC7009)
  • Proof Key for Code Exchange by OAuth Public Clients (RFC7636)
  • OAuth 2.0 Dynamic Client Registration Protocol (RFC7591)
  • OAuth 2.0 Authorization Server Metadata (RFC8414)
  • OAuth 2.0 Device Authorization Grant (RFC8628)
  • JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens (draft-ietf-oauth-access-token-jwt-00)
• OpenID Connect:
  • OpenID Connect Core 1.0 incorporating errata set 1
  • OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1
  • OAuth 2.0 Multiple Response Type Encoding Practices
  • OAuth 2.0 Form Post Response Mode
  • OpenID Connect Discovery 1.0 incorporating errata set 1

Asteroid strives to fully implement the specifications. For specifics about support, refer to the documentation.

Demo flows

The demo_auth_workflow branch implements two flows. Refer to the documentation for more information.

OAuth2 flow

OpenID Connect flow

Install from source

First, install Elixir. Then clone this repository and launch Asteroid:

git clone https://github.com/tanguilp/asteroid.git

cd asteroid/

mix deps.get

iex -S mix phx.server

Documentation

You can build documentation using mix:

mix docs

The documentation is generated in the doc/ folder.

It is also published here.

It contains information related to the use of the test application in the "Running the demo app" section.