Authly is a robust, self-hosted authentication and authorization service designed for modern applications. It provides a secure, compliant, and developer-friendly foundation for managing user identities and access controls.
- Secure Authentication: Complete login and registration flows.
- Session Management: HttpOnly cookies for session handling, so the session token is never readable by page scripts and cannot be exfiltrated through an XSS flaw.
- Hybrid Security Model: Combines standard OAuth2 token flows for clients with secure cookie-based sessions for the frontend SPA.
- Standard Compliance: Implements RFC 6749 (OAuth 2.0) and OpenID Connect.
- Grant Types: Supports Authorization Code, Refresh Token, Client Credentials, and Password grants.
- PKCE Support: Enforced Proof Key for Code Exchange (RFC 7636) for enhanced security on public clients.
- Token Rotation: Secure refresh token rotation to mitigate token theft.
- RBAC: Role-Based Access Control for managing user permissions.
- Fine-Grained Permissions: Detailed permission scoping for services and resources.
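The PKCE enforcement named in the feature list, shown as an added Go example (this is not Authly's own code; the type and function names are assumptions made here). The authorization endpoint stores the `code_challenge` and accepts only the `S256` method, and the token endpoint recomputes the challenge from the presented `code_verifier` and compares it in constant time, which is what stops an intercepted authorization code from being redeemed by anyone who does not also hold the verifier:

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewCodeVerifier returns a random code_verifier in the form RFC 7636 requires
// (43..128 unreserved characters). 32 random bytes, base64url without padding,
// is exactly 43 characters.
func NewCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// S256Challenge derives code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthorizationRequest is the subset of /authorize parameters the server must
// persist next to the authorization code it issues (hypothetical type).
type AuthorizationRequest struct {
	CodeChallenge       string
	CodeChallengeMethod string
}

// ValidateAuthorizationRequest enforces PKCE on every request: a challenge is
// mandatory, and only S256 is accepted (the "plain" method is rejected).
func ValidateAuthorizationRequest(r AuthorizationRequest) error {
	if r.CodeChallenge == "" {
		return errors.New("code_challenge is required")
	}
	if r.CodeChallengeMethod != "S256" {
		return errors.New("code_challenge_method must be S256")
	}
	if n := len(r.CodeChallenge); n != 43 {
		return fmt.Errorf("code_challenge has unexpected length %d", n)
	}
	return nil
}

// VerifyCodeVerifier is the token-endpoint side: recompute the challenge from
// the presented verifier and compare it in constant time with the stored one.
func VerifyCodeVerifier(storedChallenge, verifier string) bool {
	if len(verifier) < 43 || len(verifier) > 128 {
		return false
	}
	expected := S256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(storedChallenge)) == 1
}

func main() {
	verifier, _ := NewCodeVerifier()
	challenge := S256Challenge(verifier)
	req := AuthorizationRequest{CodeChallenge: challenge, CodeChallengeMethod: "S256"}
	fmt.Println("authorize request accepted:", ValidateAuthorizationRequest(req) == nil)
	fmt.Println("token exchange accepted:   ", VerifyCodeVerifier(challenge, verifier))
	fmt.Println("wrong verifier accepted:   ", VerifyCodeVerifier(challenge, "not-the-verifier-0123456789012345678901234567"))
}
```

The length check on the verifier and the constant-time comparison are the two details most often skipped; the test vector from RFC 7636 Appendix B can be used to confirm the derivation.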
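The refresh token rotation listed above, as an added Go example that is not Authly's code (store layout, names and the in-memory map are assumptions for illustration). Each login starts a token family; every exchange marks the presented token as used and mints a successor in the same family. Presenting an already-used token means two parties hold copies, so the whole family is revoked, which is what limits the damage of a stolen refresh token:

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrUnknownToken  = errors.New("unknown refresh token")
	ErrTokenExpired  = errors.New("refresh token expired")
	ErrReuseDetected = errors.New("refresh token reuse detected; token family revoked")
)

// refreshRecord is what the server keeps per issued token. Only the SHA-256 of
// the token is stored, so a leaked table does not yield usable tokens.
type refreshRecord struct {
	family    string // shared by every token descended from one login
	userID    string
	expiresAt time.Time
	used      bool // set once the token has been exchanged
}

// RefreshStore is an in-memory stand-in for the persistent store (assumption).
type RefreshStore struct {
	mu      sync.Mutex
	byHash  map[string]*refreshRecord
	revoked map[string]bool // families revoked after reuse detection
	ttl     time.Duration
	now     func() time.Time // injectable clock for tests
}

func NewRefreshStore(ttl time.Duration) *RefreshStore {
	return &RefreshStore{byHash: map[string]*refreshRecord{}, revoked: map[string]bool{}, ttl: ttl, now: time.Now}
}

func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

func randomToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// mint records a new token for userID in the given family; caller holds s.mu.
func (s *RefreshStore) mint(userID, family string) (string, error) {
	tok, err := randomToken()
	if err != nil {
		return "", err
	}
	s.byHash[hashToken(tok)] = &refreshRecord{family: family, userID: userID, expiresAt: s.now().Add(s.ttl)}
	return tok, nil
}

// Issue mints the first refresh token of a new family (called at login).
func (s *RefreshStore) Issue(userID string) (string, error) {
	fam, err := randomToken()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.mint(userID, fam)
}

// Rotate exchanges a refresh token for its successor. A token presented twice
// means a stale copy exists somewhere, so the entire family is revoked.
func (s *RefreshStore) Rotate(presented string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.byHash[hashToken(presented)]
	if !ok {
		return "", ErrUnknownToken
	}
	if s.revoked[rec.family] || rec.used {
		s.revoked[rec.family] = true
		return "", ErrReuseDetected
	}
	if s.now().After(rec.expiresAt) {
		return "", ErrTokenExpired
	}
	rec.used = true
	return s.mint(rec.userID, rec.family)
}

func main() {
	s := NewRefreshStore(time.Hour)
	t1, _ := s.Issue("alice")
	t2, err := s.Rotate(t1)
	fmt.Println("first rotation:", err == nil, t2 != t1)
	_, err = s.Rotate(t1) // replay of the old token
	fmt.Println("replay:", err)
	_, err = s.Rotate(t2) // the legitimate successor is dead too
	fmt.Println("successor after reuse:", err)
}
```

Revoking the whole family rather than just the replayed token is deliberate: after a replay the server cannot tell which holder is the legitimate client, so both are forced back through a full login.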
- Docker and Docker Compose
- Go 1.25+ (for local development)
- Node.js 20+ (for local development)
Clone the repository:
```
git clone https://github.com/Anvoria/authly.git
cd authly
```
Start the services:
```
docker compose up -d
```
The services will be available at:
- Frontend: http://localhost:3000
- Backend API: http://localhost:8000
Authly includes a CLI tool for administrative tasks and key management.
To build and use the CLI:
```
cd backend
go build -o bin/authly-cli cmd/authly-cli/main.go
./bin/authly-cli --help
```
Available commands:
- keys: Manage JWK signing keys (generate, rotate).
- admin: Administrative tasks for user and system management.
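What "generate" and "rotate" have to guarantee for JWK signing keys, as an added Go example (not the `authly-cli` implementation; the key ring type, `kid` derivation and method names are assumptions). A rotation installs a fresh ES256 key as the signer while keeping the previous key in the published JWKS, so tokens signed before the rotation keep verifying until they expire; only an explicit retire removes a key and invalidates what it signed:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

// JWK is the public half of a signing key in JSON Web Key form (RFC 7517/7518 names).
type JWK struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	X   string `json:"x"`
	Y   string `json:"y"`
	Kid string `json:"kid"`
	Alg string `json:"alg"`
	Use string `json:"use"`
}

type signingKey struct {
	kid  string
	priv *ecdsa.PrivateKey
}

// KeyRing holds the current signer plus older keys that still verify (hypothetical type).
type KeyRing struct {
	mu      sync.Mutex
	current *signingKey
	keys    map[string]*signingKey // kid -> key
}

// coord encodes a P-256 coordinate as the 32-byte base64url string JWK requires.
func coord(b *big.Int) string {
	buf := make([]byte, 32)
	b.FillBytes(buf)
	return base64.RawURLEncoding.EncodeToString(buf)
}

func generateKey() (*signingKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	// kid derived from the public point: stable, unique, and not secret-bearing
	sum := sha256.Sum256(append(priv.PublicKey.X.Bytes(), priv.PublicKey.Y.Bytes()...))
	return &signingKey{kid: hex.EncodeToString(sum[:8]), priv: priv}, nil
}

func NewKeyRing() (*KeyRing, error) {
	k, err := generateKey()
	if err != nil {
		return nil, err
	}
	return &KeyRing{current: k, keys: map[string]*signingKey{k.kid: k}}, nil
}

// Rotate makes a fresh key the signer and keeps the old one for verification.
func (r *KeyRing) Rotate() (string, error) {
	k, err := generateKey()
	if err != nil {
		return "", err
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	r.keys[k.kid] = k
	r.current = k
	return k.kid, nil
}

// Retire removes a non-current key; anything it signed stops verifying.
func (r *KeyRing) Retire(kid string) error {
	r.mu.Lock()
	defer r.mu.Unlock()
	if kid == r.current.kid {
		return errors.New("cannot retire the current signing key; rotate first")
	}
	if _, ok := r.keys[kid]; !ok {
		return errors.New("unknown kid")
	}
	delete(r.keys, kid)
	return nil
}

func (r *KeyRing) CurrentKid() string {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.current.kid
}

// JWKS lists every key clients may trust, in the form served at a jwks_uri.
func (r *KeyRing) JWKS() []JWK {
	r.mu.Lock()
	defer r.mu.Unlock()
	out := make([]JWK, 0, len(r.keys))
	for _, k := range r.keys {
		out = append(out, JWK{Kty: "EC", Crv: "P-256", X: coord(k.priv.PublicKey.X), Y: coord(k.priv.PublicKey.Y), Kid: k.kid, Alg: "ES256", Use: "sig"})
	}
	return out
}

// Sign produces an ES256-style raw R||S signature over SHA-256(msg) with the current key.
func (r *KeyRing) Sign(msg []byte) (string, []byte, error) {
	r.mu.Lock()
	k := r.current
	r.mu.Unlock()
	digest := sha256.Sum256(msg)
	ri, si, err := ecdsa.Sign(rand.Reader, k.priv, digest[:])
	if err != nil {
		return "", nil, err
	}
	sig := make([]byte, 64)
	ri.FillBytes(sig[:32])
	si.FillBytes(sig[32:])
	return k.kid, sig, nil
}

// Verify looks the key up by kid, so a token signed before a rotation still verifies.
func (r *KeyRing) Verify(kid string, msg, sig []byte) bool {
	r.mu.Lock()
	k, ok := r.keys[kid]
	r.mu.Unlock()
	if !ok || len(sig) != 64 {
		return false
	}
	digest := sha256.Sum256(msg)
	ri := new(big.Int).SetBytes(sig[:32])
	si := new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(&k.priv.PublicKey, digest[:], ri, si)
}

func main() {
	ring, _ := NewKeyRing()
	msg := []byte("constructed token payload")
	kid1, sig, _ := ring.Sign(msg)
	newKid, _ := ring.Rotate()
	fmt.Println("rotated to", newKid, "- old signature still verifies:", ring.Verify(kid1, msg, sig))
	fmt.Println("keys published in JWKS:", len(ring.JWKS()))
}
```

The point of keeping the old key in the JWKS after a rotation is operational: resource servers that cache the key set can still validate in-flight tokens, and the old key is retired only once every token it signed has expired.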
This project is licensed under the MIT License - see the LICENSE file for details.
