supertokens/supertokens-corePublic

NotificationsYou must be signed in to change notification settings
Fork634
Star14.7k

Open source alternative to Auth0 / Firebase Auth / AWS Cognito

License

View license

14.7k stars 634 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 1,353 Commits
.circleci		.circleci
.github		.github
cli		cli
downloader		downloader
ee		ee
jar		jar
migration_scripts/to_version_7_0_12		migration_scripts/to_version_7_0_12
src		src
stress-tests		stress-tests
test-data		test-data
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.md		LICENSE.md
README.md		README.md
build.gradle		build.gradle
config.yaml		config.yaml
coreDriverInterfaceSupported.json		coreDriverInterfaceSupported.json
devConfig.yaml		devConfig.yaml
implementationDependencies.json		implementationDependencies.json
install		install
install.bat		install.bat
pluginInterfaceSupported.json		pluginInterfaceSupported.json
runBuild		runBuild
settings.gradle		settings.gradle

Repository files navigation

Open-Source auth provider

Addsecure login and session management to your apps.SDKs availablefor popular languages and front-end frameworks e.g. Node.js, Go, Python, React.js, React Native, Vanilla JS, etc.

Supertokens architecture is optimized to add secure authentication for your users without compromising on user anddeveloper experience

Three building blocks of SuperTokens architecture

Frontend SDK: Manages session tokens and renders login UI widgets
Backend SDK: Provides APIs for sign-up, sign-in, signout, session refreshing, etc. Your Frontend will talk to theseAPIs
SuperTokens Core: The HTTP service for the core auth logic and database operations. This service is used by theBackend SDK

Features

Passwordless Login
Social Login
Email Password Login
Phone Password Login
Session Management
Multi-Factor Authentication
Multi Tenancy / Organization Support (Enterprise SSO)
User Roles
Microservice Authentication

Learn more

If you like our project, please 🌟 this repository! For feedback, feel free to join ourDiscord, or create an issue on this repo

🚀 What is SuperTokens?

SuperTokens is an open-core alternative to proprietary login providers like Auth0 or AWS Cognito. We aredifferent because we offer:

Open source: SuperTokens can be used for free, forever, with no limits on the number of users.
An on-premises deployment so that you control 100% of your user data, using your own database.
An end-to-end solution with login, sign-ups, user and session management, without all the complexities of OAuthprotocols.
Ease of implementation and higher security.
Extensibility: Anyone can contribute and make SuperTokens better!

Philosophy

Authentication directly affects the UX, dev experience, and security of any app. We believe thatcurrent solutions cannot optimize for all three "pillars", leading to manyapplications hand-rolling their own auth. This not only leads to security issues but is also a massivetime drain.

We want to change that - we believe the only way is to provide a solution that has the right level ofabstraction gives you maximum control, is secure, and is simple to use - just like if you build it yourself,from scratch (minus the time to learn, build, and maintain).

We also believe in the principle of least vendor lock-in. Your having full control of your user's data means that youcan switch away from SuperTokens without forcing your existing users to logout, reset their passwords, or in the worstcase, sign up again.

Click here to see the demo app.

Please visitour website to see the list of features.
We want to make features as decoupled as possible. This means you can use SuperTokens for just login, or just sessionmanagement, or both. In fact, we also offer session management integrations with other login providers like Auth0.

Documentation

The docs can be seenon our website.

There is more information about SuperTokens ontheGitHub wiki section.

🏗️ Architecture

Please find anarchitecture diagram here

For more information, please visitourGitHub wiki section.

☕ Why Java?

✅ Whilst running Java can seem difficult, we provide the JDK along with the binary/docker image when distributing it.This makes running SuperTokens just like running any other HTTP microservice.
✅ Java has a very mature ecosystem. This implies that third-party libraries have been battle-tested.
✅ Java's strong type system ensures fewer bugs and easier maintainability. This is especially important when manypeople are expected to work on the same project.
✅ Our team is most comfortable with Java and hiring great Java developers is relatively easy as well.
✅ One of the biggest criticisms of Java is memory usage. We have three solutions to this:
- The most frequent auth-related operation is session verification - this happens within the backend SDK (node,python, Go) without contacting the Java core. Therefore, a single instance of the core can handle several 10s ofthousands of users fairly easily.
- We have carefully chosen our dependencies. For eg: we use an embedded tomcat server instead of a higher-level webframework.
- We also plan on usingGraalVM in the future and this can reduce memory usage by 95%!
✅ If you require any modifications to the auth APIs, those would need to be done on the backend SDK level (for exampleNode, Golang, Python..). So you’d rarely need to directly modify/work with the Java code in this repo.

⌨️ User Management Dashboard

Oversee your users with theSuperTokens User Management Dashboard

List users

List all the users who have signed up to your application.

Manage users

Manage users by modifying or deleting their sessions, metadata, roles and account info.

🔥 SuperTokens vs others

Please find a detailed comparison charton our website

🛠️ Building from source

Please see ourwiki for instructions.

👥 Community

If you think this is a project you could use in the future, please 🌟 this repository!

Contributors (across all SuperTokens repositories)

_{Rishabh Poddar}	_{Advait Ruia}	_{Bhumil Sarvaiya}	_{Joel Coutinho}
_{Rakesh UP}	_{Mufassir Kazi}	_{Nemi Shah}	_{Rohit Bhatia}
_{Madhu Mahadevan}	_{Aidar Nugmanoff}	_{Arnav Dewan}	_NkxxkN
_{LordChadiwala}	_{Luiz Soares}	_{Sudipto Ghosh}	_Fabricio20
_{metallicmonkey}	_{Vidhyanshu Jain}	_{Domenico Luciani}	_{Enzo Batrov}
_{Eloïse Isautier}	_{Ákos Resch}	_{Chotu Chaudhary}	_{Tomáš Horáček}
_{Sam Bauch}	_{Alexey Tylindus}	_{Gus Fune}	_chenkaiC4
_{Marek Dulowski}	_{Piyushh Bhutoria}	_{Eric Dobbertin}	_{Kyle Dodson}
_{Ralph Lawrence}	_{Christopher Kapic}	_Hanzyusuf	_{Mihály Lengyel}
_{Cerino O. Ligutom III}	_nadilas	_{Vasile Catana}	_{Jay Mistry}
_{Jacob Marshall}	_miketromba	_{Oleg Vdovenko}	_Siddharth
_xuatz	_{Yoway Buorn}	_{Ronit Panda}	_{Anugrah Singhal}
_{Jeremy Eastham}	_{Assaf Yacobi}	_{Sattvik Chakravarthy}	_{Olivier Pichon}
_{Siddhant Varma}	_renyijiu	_{Isaiah Thomason}	_{Utsav Barnwal}
_{Saurabh Ghatnekar}	_{Alisher Aituarov}	_{Simon Kihlberg Wallstrom}	_{Areeb Khan}
_{Nicholas Dudfield}	_Qdea	_{Lukas Knuth}	_{Melvyn Hills}
_{Matt Murray}	_{Cléo Rebert}	_{Daniil Borovoy}	_{Krzysztof Witkowski}
_{Lehoczky Zoltán}	_{Viraj Kanwade}	_{Anurag Srivastava}

👩‍💻 Contributing

Please see theCONTRIBUTING.md file forinstructions.

📝 License

Portions of this software are licensed as follows:

All content that resides under the "ee/" directory of this repository, if that directory exists, is licensed under thelicense defined in "ee/LICENSE.md".
All third-party components incorporated into the SuperTokens Software are licensed under the original license providedby the owner of the applicable component.
Content outside of the above-mentioned directories or restrictions above is available under the "Apache 2.0"license as defined in the level "LICENSE.md" file