jwt-go VS authelia

My only suggestion, because I haven't seen anyone else mention it, is researching your dependencies. In the app you're using https://github.com/dgrijalva/jwt-go, which isn't maintained anymore and in their repo they state that you should use https://github.com/golang-jwt/jwt instead.

There are so many tools created tools using golang like the gh-cli, cockrach-db, jwt, etc. You can see a whole list of applications/tools/frameworks written in Go from this awesome list

If it is using "github.com/golang-jwt/jwt" under the hood than all you have to do is override the Valid() method on your claims object.

The code logic is query user record from database by input parameter username, if not found, return Incorrect username or password error, if password was correct, issue token. The jwt library used here is golang-jwt/jwt

Abandon https://github.com/dgrijalva/jwt-go library due security issues. Now I use https://github.com/golang-jwt/jwt#jwt-go

Use jwt (jwt.io, https://github.com/golang-jwt/jwt) shoveling the params into a MapClaims.

Go JWT Implementation Link

The boilerplate application uses the dgrijalva / jwt-go library to work with JWTs. Besides the standard set of claims fields, this library allows you to describe additional fields. In the application, this makes it possible to write to the token the ID of the user to whom it was issued. The library supports the NewWithClaims () and Parse () functions used in the AuthHandler application to create and validate tokens. Also, the Echo framework has a JWT middleware that uses the specified library to validate tokens. This middleware is hooked up in the ConfigureRoutes () function of the template application that declares the routing.

There might be many different packages, but I think this one is the most popular: https://github.com/dgrijalva/jwt-go. So let’s copy its URL, and run go get in the terminal to install the package:

It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.

Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...

I use NGINX proxy with Authelia in between. Authelia blocks and blacklists faulty logins.

https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana

If you are using HAProxy on PfSense/OPNSense, see my issue https://github.com/authelia/authelia/issues/2696

https://github.com/lldap/lldap is a very simple and lightweight LDAP solution. Works flawless with https://www.authelia.com/

Ah yeah, so I guess it's been a while since I tried and I forgot where I got stuck last time. Authelia's config.yml is absolutely massive and I'm not sure which section of their guide I should be following. In The Docker Compose section, there's "Unbundled", "Lite", and "Local". I think I want to be running the "lite" bundle, but their example compose file has a ton of Traefik stuff in it. I know I wouldn't keep the Traefik services, but do I need either secure or public?

Authelia supports SSO. If you are behind a reverse proxy it’s quite straightforward to integrate.

This should probably also be mentioned in the documentation so maybe consider mentioning this on their discussion page.