Skip to content

Authorization and Authentication Service. Used primarily for 3PPI transfers in addition to services where authentication is required, usually during quoting phase

License

Notifications You must be signed in to change notification settings

mojaloop/auth-service

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Auth Service (Work in Progress)

Git Commit Git Releases Npm Version NPM Vulnerabilities CircleCI

Mojaloop central AuthZ + AuthN service. Currently for FIDO implementation in a Mojaloop switch.

Overview

Setup

Clone repo

git clone git@github.com:mojaloop/AuthService.git

Improve local DNS resolver

Add the 127.0.0.1 auth-service.local entry in your /etc/hosts so the auth-service is reachable on http://auth-service.local:4004. Elsewhere use http://localhost:4004

Install service dependencies

cd auth-service
npm ci

Run local dockerized auth-service

npm run docker:build
npm run docker:run

To check the auth-service health visit http://auth-service.local:4004/health

Run locally with database in docker-compose

docker-compose up -d mysql
npm run migrate
npm run start

Updating the OpenApi (Swagger) Spec

We use multi-file-swagger to make our swagger files more manageable.

After making changes to the .yaml files in ./src/interface/, update the swagger.json file like so:

    npm run build:openapi

Note: We will likely want to move to swagger 3.0 at some point, and once we do, we will be able to use the common api snippets library to factor out common Mojaloop snippets. Keep track of #352 - Update to OpenAPI v3

Auditing Dependencies

We use audit-ci along with npm audit to check dependencies for node vulnerabilities, and keep track of resolved dependencies with an audit-ci.jsonc file.

To start a new resolution process, run:

npm run audit:fix

You can then check to see if the CI will pass based on the current dependencies with:

npm run audit:check

The audit-ci.jsonc contains any audit-exceptions that cannot be fixed to ensure that CircleCI will build correctly.

About

Authorization and Authentication Service. Used primarily for 3PPI transfers in addition to services where authentication is required, usually during quoting phase

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published