pknoth
Boruta - Yet an other OAuth 2.0 provider
Hi there!
I’ve been working on an OAuth provider for quite a time now. I published a package including the functional core and its corresponding Ecto/Cache adapters. Being quite new in the Elixir world, all feedbacks are welcome !
The package is based on an hexagonal architecture, Application layer is still a work in progress.
I use the package for personal projects, the interface begins to be stable while I integrate it. If it looks good for you and want to integrate it do not hesitate to reach me out.
It was an happy journey developing the package as it was intended to have a use case in order to learn Elixir.
Most Liked
pknoth
Hi again,
I just released the 2.0 stable version of Boruta, release candidate has been here for long enough to show the stability of the authorization API. There is still room for improvement for administration tools, they will come up along the way. It includes minor fixes and improved documentation like a how-to setup an authorization provider from scratch. Hoping it would help integrations. (Note that you have a few breaking changes to upgrade from release candidate listed in CHANGELOG)
For a reminder, the package is meant to implement OAuth 2.0 and OpenID Connect core 1.0 specifications in order to bring the core of an authorization server. One of the specificities of the implementation is that it is uncoupled with your user models using hexagonal architecture. Along with the core, you can generate basic Phoenix controllers, views, and templates to expose the specifications required endpoints. Have a look at hex.pm and at GitLab if you want to dig deeper, I would be happy to receive feedback.
Besides the package, I am working on a standalone version that would help to deploy an authorization provider instance easily. For that, it would include also an identity provider and an administration interface. I would be happy to have people involved in the decisions to take about the features to implement. The objective would be to define and shape the features you could be interested in, keeping in mind to target a lightweight open source IAM server. Do not hesitate to reach me if you wanna discuss it.
Thanks for reading me so far,
Cheers
pknoth
I finally got certified for the hybrid OpenID profile and released version 2.1.2 that fixes the hybrid specific error return encoding issue.
It is a huge step for the library, going on the way, I still have in mind to provide a standalone version. Hoping I can give you soon news about it, there is still a lot of work to be done.
Hope the best!
pknoth
Hi there,
Version 2.1.0 finally got certified for the basic and implicit OpenID profiles
. Hybrid profile is much more than advanced, I am discussing a specific point I could not understand well (returned errors encoding) and hope to have such a certification soon.
Elixir have now its own section in the listed OpenID provider libraries Certified OpenID Connect Implementations | OpenID. If anyone think descriptions or documentation can be improved to give a better visibility to the package, it would be very welcome.
Note that I also released 2.1.1 that fixed a dialyzer warning that was introduced in 2.1.0.
Thanks for the community that greatly helped it to be done.
Hope the best, happy coding!








