A proof-of-concept for a simple and reusable auth module that can be plugged into any warp-based server application.
Passwords are salted and hashed using argon2. On successful login, a JSON Web Token is generated using jsonwebtoken and returned to the client. A warp filter is provided to authenticate subsequent requests against that token via bearer authentication.
Some limitiations (certainly not an exhaustive list):
- TLS is necessary to avoid leaking passwords on the wire (no PAKE).
- Only supports username + password (no OAuth, no TOTP, etc).
- All credential storage is left up to the application.
- User ID allocation probably ought to be left up to the application.
- Only handles authentication, supporting authorization will need some design work.