Reusable, extendable authorization service.
How many times have you had to reimplement a separate authorization service in your projects? Almost any authorization factor you need has already been implemented many times. Why do it again? There are other solutions that achieve a similar result. Authmagic is different because its architecture is designed with simplicity and extendability in mind.
At the moment we have only one core implemented - authmagic-timerange-stateless-core.
Different cores can give you different authorization workflows. You can have an OAuth core, a core that authorizes with a username/password stored in the db, or single-factor authorization with a magic link or code. Or even a core which will be a fork for multiple cores.
Our goal is to keep everything flexible and simple. Plugins are extensions for the core. For example, you may want to send a magic link for single-factor authorization via email, SMS or a messenger. Or you may want to connect to a PostgreSQL db, or keep your user list in SQLite. Plugins are dependent on a core.
A theme is what you see during the authorization process. If you have a small project, or if you are okay with a standard UI, it's for you. You can also easily edit (fork) a theme to adapt it to your design requirements.
Framework connectors allow your APIs to communicate with the authorization service. For example, you may work with Ruby on Rails and have a private page for user Mike, so you would like to verify that the page was requested by Mike.
We decided to build authmagic with Node.js. Node.js continues to expand its market, and almost any developer can read JavaScript today. This makes authmagic more commonly understandable without a tangible tradeoff in performance (Go or Elixir could be a better choice here) or "code quality" (something more similar to Java would be better for this metric). Authmagic expects the core to be created with the koa2 framework.
To specify the core, plugins, theme and their parameters, use authmagic.js (the configuration file's name). Example of a configuration file:
module.exports = {
  "core": {
    "name": "authmagic-timerange-stateless-core",
    "source": "../authmagic-timerange-stateless-core"
  },
  "plugins": {
    "authmagic-email-plugin": {
      "source": "../authmagic-email-plugin"
    }
  },
  "params": {
    "authmagic-email-plugin": {
      "isTest": true,
      "mailer": {
        "auth": {
          "user": "",
          "pass": ""
        },
        "host": "smtp.ethereal.email",
        "port": 587,
        "secure": false
      },
      "from": "AuthMailer",
      "subject": "Your Magic Link"
    },
    "authmagic-timerange-stateless-core": {
      "duration": 300,
      "key": "ad6de0e6c809b89b",
      "sendKeyPlugin": "authmagic-email-plugin",
      "expiresIn": 1200
    }
  },
  "port": 3000,
  "theme": {
    "name": "authmagic-link-email-phone-bootstrap-theme",
    "source": "../authmagic-link-email-phone-bootstrap-theme"
  }
};
You can generate these files by writing a few lines in the console using authmagic-cli. It will download and install the core, plugins and theme, and help you configure them.
Check authmagic-getting-started-example.
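The example configuration above embeds `key` and the SMTP credentials directly in authmagic.js. Because that file is an ordinary Node.js module, the same object can be built from the environment instead; the following is an added example, not authmagic's own code. The variable names AUTHMAGIC_KEY, SMTP_USER and SMTP_PASS, the helper names and the 32-hex-character minimum are assumptions of this example, as is treating `key` as secret material.

```javascript
// Added example, not authmagic's code; env var names and key policy are assumptions.
const CORE = 'authmagic-timerange-stateless-core';
const MAIL = 'authmagic-email-plugin';
const THEME = 'authmagic-link-email-phone-bootstrap-theme';
// The key printed in the README example is public, so it must never be deployed.
const README_SAMPLE_KEY = 'ad6de0e6c809b89b';

function requireEnv(env, name) {
  const value = env[name];
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`missing required environment variable ${name}`);
  }
  return value;
}

function buildAuthmagicConfig(env) {
  const key = requireEnv(env, 'AUTHMAGIC_KEY');
  if (key.toLowerCase() === README_SAMPLE_KEY) {
    throw new Error('AUTHMAGIC_KEY is the sample key published in the README');
  }
  // Example policy (assumption): at least 32 hex characters, i.e. 128 bits.
  if (!/^[0-9a-f]{32,}$/i.test(key)) {
    throw new Error('AUTHMAGIC_KEY must be at least 32 hex characters');
  }
  return {
    core: { name: CORE, source: `../${CORE}` },
    plugins: { [MAIL]: { source: `../${MAIL}` } },
    params: {
      [MAIL]: {
        isTest: true, // non-secret values are copied from the README example
        mailer: {
          auth: { user: requireEnv(env, 'SMTP_USER'), pass: requireEnv(env, 'SMTP_PASS') },
          host: 'smtp.ethereal.email',
          port: 587,
          secure: false,
        },
        from: 'AuthMailer',
        subject: 'Your Magic Link',
      },
      [CORE]: { duration: 300, key, sendKeyPlugin: MAIL, expiresIn: 1200 },
    },
    port: 3000,
    theme: { name: THEME, source: `../${THEME}` },
  };
}
// In authmagic.js: module.exports = buildAuthmagicConfig(process.env);
// Constructed environment so the example runs offline:
const sampleEnv = { AUTHMAGIC_KEY: '5f'.repeat(16), SMTP_USER: 'user@example.test', SMTP_PASS: 'constructed' };
console.log(Object.keys(buildAuthmagicConfig(sampleEnv).params));
```

Failing at startup on a missing or sample key keeps a copied README value from reaching a running service.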
Working is better than unfinished perfect. The project is in the alpha version; we are testing it out. If you see architectural issues, things to improve, or you just have something relevant to share, drop me a few words: oleksandrknyga@gmail.com. I would also be glad to help you integrate authmagic into your projects. Pull requests are welcome as well.
authmagic is MIT licensed.
FAQs
The npm package authmagic receives a total of 6 weekly downloads. As such, authmagic popularity was classified as not popular.
We found that authmagic demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.