[](https://app.wercker.com/project/bykey/fe30b946cc0ec765b7f89d03ae512793)
This is the TCG auth service. It's named AuthX because it's an "exchange" of sorts, consolidating upstream identities from several authorities into a single identity for downstream clients. AuthX uses the (kinda disgusting) OAuth2 framework in both directions, and adds an authorization layer. Authorizations are based on the simple scopes spec.
The user is (obviously) the primary component. It consists of a unique ID and profile information in the format of Portable Contacts. Information in the profile is not verified, and is not directly used by AuthX system for authentication.
An authority is a mechanism for authentication, and provides the configuration for corresponding units of code called strategies. Several strategies are included by default:
Credentials connect users to authorities. A user can typically have multiple authorities of the same authority (multiple emails, for example).
Clients are downstream applications that uses AuthX for authentication/authorization.
A user gives a client permission to act on her behalf via a grant.
A role bestows its permissions to every user it includes.
╔══════════════════════════════════════════╗
║ ║
║ Upstream Providers ║
║ ║
║ │ ║
║▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓║
║ ┌────────────┐ ┌─────┴─────┐ ║
║ │ Credential ├─┤ Authority │ ║
║ └───┬────────┘ └───────────┘ ║
║ ┌───┴──┐ Authentication ║
║░░░│ User │░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░║
║ └─┬──┬─┘ ┌──────┐ ║
║ │ └────────────────┤ Role │ ║
║ ┌┴──────┐ ┌────────┐ └──────┘ ║
║ │ Grant ├─┤ Client │ ║
║ └───────┘ └───┬────┘ Authorization ║
║▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓│▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓║
║ │ ║
║ ║
║ Downstream Clients ║
║ ║
╚══════════════════════════════════════════╝
Scopes are composed of 3 domains, separated by the : character:
AuthX:role.abc:read
|___| |______| |__|
| | |
realm resource action
Each domain can contain parts, separated by the . character. Domain parts can be /[a-zA-Z0-9_]*/ strings or glob pattern identifiers * or **:
role.abc
role.*
**
AuthX dogfoods. It uses its own authorization system to restrict access to its resources. Below are the scopes used by AuthX internally:
AuthX:user:create
AuthX:user:read
AuthX:user:update
AuthX:user:delete
AuthX:me:read
AuthX:me:update
AuthX:me:delete
AuthX:role:create
AuthX:role.<role_id>:read
AuthX:role.<role_id>:update
AuthX:role.<role_id>:update.scopes
AuthX:role.<role_id>:update.assignments
AuthX:role.<role_id>:delete
AuthX:authority:create
AuthX:authority.<authority_id>:read
AuthX:authority.<authority_id>:update
AuthX:authority.<authority_id>:delete
AuthX:credential.<authority_id>.user:create
AuthX:credential.<authority_id>.user:read
AuthX:credential.<authority_id>.user:update
AuthX:credential.<authority_id>.user:delete
AuthX:credential.<authority_id>.me:create
AuthX:credential.<authority_id>.me:read
AuthX:credential.<authority_id>.me:update
AuthX:credential.<authority_id>.me:delete
AuthX:client:create
AuthX:client.<client_id>:read
AuthX:client.<client_id>:update
AuthX:client.<client_id>:update.scopes
AuthX:client.<client_id>:delete
AuthX:grant.<client_id>.user:create
AuthX:grant.<client_id>.user:read
AuthX:grant.<client_id>.user:update
AuthX:grant.<client_id>.user:delete
AuthX:grant.<client_id>.me:create
AuthX:grant.<client_id>.me:read
AuthX:grant.<client_id>.me:update
AuthX:grant.<client_id>.me:delete
FAQs
AuthX is designed for a scenario in which a **RESOURCE** needs to restrict access to all or part of its functionality. A **CLIENT** app, acting on behalf of a **User** can retreive an OAuth token from AuthX, which can be passed to the **RESOURCE** with an
The npm package authx receives a total of 22 weekly downloads. As such, authx popularity was classified as not popular.
We found that authx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.