- TD_AUTH_ALLOW_PROXY_LOGIN (Optional) Boolean value to allow proxy login. Default: false
- DB_USER (Required) Database username
- DB_PASSWORD (Required) Database password
- DB_NAME (Required) Database name
- DB_HOST (Required) Database hostname
- DB_PORT (Optional) Database port. Default: 5432
- DB_POOL_SIZE (Optional) Database connection pool size. Default: 4
- DB_TIMEOUT_MILLIS (Optional) Database timeout in milliseconds. Default: 15000
- DB_SSL (Optional) Boolean value to enable SSL configuration. Default: false
- DB_SSL_CACERTFILE (Optional) Path to the Certification Authority (CA) certificate file, e.g. /path/to/ca.crt
- DB_SSL_VERSION (Optional) Supported versions are tlsv1.2 and tlsv1.3. Default: tlsv1.2
- DB_SSL_CLIENT_CERT (Optional) Path to the client SSL certificate file
- DB_SSL_CLIENT_KEY (Optional) Path to the client SSL private key file
- DB_SSL_VERIFY (Optional) Specifies whether server certificates should be verified. Default: verify_none
- GUARDIAN_SECRET_KEY (Required) Secret key for JWT token signing
- ACCESS_TOKEN_TTL_SECONDS (Optional) Access token time to live in seconds. Default: 600
- REFRESH_TOKEN_TTL_SECONDS (Optional) Refresh token time to live in seconds. Default: 86400
- AUTH0_PROTOCOL (Optional) Auth0 protocol
- AUTH0_DOMAIN (Optional) Auth0 domain
- AUTH0_CLIENT_ID (Optional) Auth0 client ID
- AUTH0_AUDIENCE (Optional) Auth0 audience
- AUTH0_REDIRECT_URI (Optional) Auth0 redirect URI
- AUTH0_SCOPE (Optional) Auth0 scope
- AUTH0_CONNECTION (Optional) Auth0 connection
- LDAP_SERVER (Optional) LDAP server hostname
- LDAP_BASE (Optional) LDAP base DN
- LDAP_PORT (Optional) LDAP port
- LDAP_SSL (Optional) LDAP SSL configuration
- LDAP_USER_DN (Optional) LDAP user DN
- LDAP_PASSWORD (Optional) LDAP password
- LDAP_CONNECTION_TIMEOUT (Optional) LDAP connection timeout
- LDAP_BIND_PATTERN (Optional) LDAP bind pattern
- LDAP_SEARCH_PATH (Optional) LDAP search path
- LDAP_SEARCH_FIELD (Optional) LDAP search field
- LDAP_ATTR_VALIDATIONS_FILE (Optional) Path to LDAP attribute validations file
- LDAP_MAPPING_USER_NAME (Optional) LDAP mapping for user name. Default: cn
- LDAP_MAPPING_FULL_NAME (Optional) LDAP mapping for full name. Default: givenName
- LDAP_MAPPING_EMAIL (Optional) LDAP mapping for email. Default: mail
- LDAP_CREATE_GROUP (Optional) Set to true to enable the creation of LDAP-based groups. Default: false
- LDAP_GROUP_FIELDS (Optional) Comma-separated list of fields used to search for groups to assign to a user
- LDAP_ALLOWED_GROUPS (Optional) Comma-separated list of values used to create groups if they are found
- AD_SERVER (Optional) Active Directory server hostname
- AD_BASE (Optional) Active Directory base DN
- AD_PORT (Optional) Active Directory port
- AD_SSL (Optional) Active Directory SSL configuration
- AD_USER_DN (Optional) Active Directory user DN
- AD_PASSWORD (Optional) Active Directory password
- AD_CONNECTION_TIMEOUT (Optional) Active Directory connection timeout
- AD_SEARCH_PATH (Optional) Active Directory search path
- AD_CERT_PEM_FILE (Optional) Path to Active Directory certificate PEM file
- OIDC_DISCOVERY_URI (Optional) OIDC discovery document URI
- OIDC_CLIENT_ID (Optional) OIDC client ID
- OIDC_CLIENT_SECRET (Optional) OIDC client secret
- OIDC_REDIRECT_URI (Optional) OIDC redirect URI
- OIDC_SCOPE (Optional) OIDC scope
- OIDC_RESPONSE_TYPE (Optional) OIDC response type. Default: id_token
- OIDC_PROFILE_MAPPING (Optional) OIDC profile mapping configuration
- PKCE_CODE_CHALLENGE_METHOD (Optional) PKCE code challenge method
- PKCE_CODE_VERIFIER_LENGTH (Optional) PKCE code verifier length. Default: 128
- OIDC_CREATE_GROUP (Optional) Set to true to enable the creation of OIDC-based groups. Default: false
- OIDC_GROUP_FIELDS (Optional) Comma-separated list of fields used to search for groups to assign to a user
- OIDC_ALLOWED_GROUPS (Optional) Comma-separated list of regex patterns used to create groups
  - For example: ^GROUP would allow all strings that start with "GROUP"
  - If this variable is not set, all values will be accepted
- SAML_CONTACT_EMAIL (Optional) SAML contact email
- SAML_CONTACT_NAME (Optional) SAML contact name
- SAML_IDP_METADATA_URL (Optional) SAML Identity Provider metadata URL
- SAML_ORG_DISPLAY_NAME (Optional) SAML organization display name
- SAML_ORG_NAME (Optional) SAML organization name
- SAML_ORG_URL (Optional) SAML organization URL
- SAML_SP_CERT (Optional) SAML Service Provider certificate
- SAML_CONSUME_URI (Optional) SAML consume URI
- SAML_SP_ID (Optional) SAML Service Provider ID
- SAML_IDP_SIGNS_ENVELOPES (Optional) Whether the Identity Provider signs envelopes
- SAML_SP_KEY (Optional) SAML Service Provider key
- SAML_METADATA_URI (Optional) SAML metadata URI
- SAML_TRUSTED_FINGERPRINTS (Optional) SAML trusted fingerprints
- SAML_REJECT_ROLES (Optional) SAML roles to reject
- SAML_ALLOW_GROUPS (Optional) SAML groups to allow
- SAML_CREATE_GROUP (Optional) Set to true to enable the creation of SAML-based groups. Default: false
- REDIS_HOST (Required) Redis hostname
- REDIS_PORT (Optional) Redis port. Default: 6379
- REDIS_PASSWORD (Optional) Redis password
- REDIS_AUDIT_STREAM_MAXLEN (Optional) Maximum length for Redis audit stream. Default: 100
- REDIS_STREAM_MAXLEN (Optional) Maximum length for Redis stream. Default: 100
- PROXY_HOST (Optional) Proxy hostname
- PROXY_PORT (Optional) Proxy port. Default: 80
- PROXY_USER (Optional) Proxy username
- PROXY_PASSWORD (Optional) Proxy password
- CACERTFILE (Optional) Path to CA certificate file for HTTP client
- HTTP_SSL_VERIFY (Optional) HTTP SSL verification mode. Can be verify_none or verify_peer
- HTTP_SSL_CACERTFILE (Optional) Path to CA certificate file when HTTP_SSL_VERIFY is set to verify_peer
- HTTP_URL_PREFIX (Optional) HTTP URL prefix
- ACL_LOADER_SCHEDULE (Optional) Schedule for ACL loader job (cron format). Default: @reboot
- ACL_REMOVER_SCHEDULE (Optional) Schedule for ACL remover job (cron format). Default: @hourly
- ROLE_LOADER_SCHEDULE (Optional) Schedule for role loader job (cron format). Default: @reboot
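
A pre-start check over the variables listed above, as an added example that is not part of td-auth: it reports missing required variables and the documented defaults that leave TLS verification or group filtering off. The function name td_auth_env_audit, the finding wording and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not td-auth code): audit the documented environment
# variables before starting the service. Prints one finding per line.
td_auth_env_audit() {
  # Variables the variable list marks as (Required).
  for name in DB_USER DB_PASSWORD DB_NAME DB_HOST GUARDIAN_SECRET_KEY REDIS_HOST; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || echo "MISSING $name is required"
  done

  # DB_SSL defaults to false; DB_SSL_VERIFY defaults to verify_none.
  if [ "${DB_SSL:-false}" != "true" ]; then
    echo "WARN DB_SSL is not true: database connection does not use TLS"
  elif [ "${DB_SSL_VERIFY:-verify_none}" = "verify_none" ]; then
    echo "WARN DB_SSL_VERIFY is verify_none: database server certificate is not verified"
  fi

  # HTTP client: verify_peer is documented together with HTTP_SSL_CACERTFILE.
  case "${HTTP_SSL_VERIFY:-}" in
    verify_none)
      echo "WARN HTTP_SSL_VERIFY is verify_none: HTTP client does not verify certificates" ;;
    verify_peer)
      [ -n "${HTTP_SSL_CACERTFILE:-}" ] ||
        echo "WARN HTTP_SSL_VERIFY is verify_peer but HTTP_SSL_CACERTFILE is not set" ;;
  esac

  # An unset OIDC_ALLOWED_GROUPS accepts every group value.
  if [ "${OIDC_CREATE_GROUP:-false}" = "true" ] && [ -z "${OIDC_ALLOWED_GROUPS:-}" ]; then
    echo "WARN OIDC_CREATE_GROUP is true and OIDC_ALLOWED_GROUPS is unset: all group values are accepted"
  fi

  [ "${TD_AUTH_ALLOW_PROXY_LOGIN:-false}" != "true" ] ||
    echo "NOTE TD_AUTH_ALLOW_PROXY_LOGIN is true: confirm proxy login is intended"
  return 0
}

# Constructed sample environment (placeholder values), kept in a subshell.
(
  DB_USER=td DB_PASSWORD=example DB_NAME=td_auth DB_HOST=db.internal
  GUARDIAN_SECRET_KEY=example-secret REDIS_HOST=redis.internal
  DB_SSL=true OIDC_CREATE_GROUP=true HTTP_SSL_VERIFY=verify_peer
  td_auth_env_audit
)
```

Run the function in the same shell (or container entrypoint) that exports the variables for mix phx.server, and treat any MISSING or WARN line as a reason to stop the deployment.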
To start your Phoenix server:
- Install dependencies with mix deps.get
- Create and migrate your database with mix ecto.create && mix ecto.migrate
- Start Phoenix endpoint with mix phx.server
Now you can visit localhost:4001 from your browser.
Ready to run in production? Please check our deployment guides.
TdAuth is a back-end service developed as part of the True Dat project to manage users and application authentication.
- REST API interface
- User management
- Session management
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.
In order to use this software, it is necessary that, depending on the type of functionality that you want to obtain, it is assembled with other software whose license may be governed by other terms different than the GNU General Public License version 3 or later. In that case, it will be absolutely necessary that, in order to make a correct use of the software to be assembled, you give compliance with the rules of the concrete license (of Free Software or Open Source Software) of use in each case, as well as, where appropriate, obtaining of the permits that are necessary for these appropriate purposes.
- Web framework by Phoenix Community
- Distributed PubSub and Presence platform for the Phoenix Framework by Phoenix Community
- Phoenix and Ecto integration by Phoenix Community
- PostgreSQL driver for Elixir by elixir-ecto Community
- HTTP server for Erlang/OTP by Nine Nines
- Static code analysis tool for the Elixir language by René Föhring
- Authentication library by ueberauth
- Password hashing library by David Whitlock
- Bcrypt password hashing algorithm for Elixir by David Whitlock
- Create test data for Elixir applications by thoughtbot, inc
- Elixir Plug to add CORS by Michael Schaefermeyer
- HTTP client for Elixir by Eduardo Gurgel Pinho
- Story BDD tool by Matt Widmann