# WitchAuth

Small IAM server.

## Why?

WitchAuth is currently an exercise, but I believe it's best to have a target. Within that scope, this project tries to empower small communities and groups to run their own identity provider, for easier account management and better security through SSO.

I believe this can be achieved by chasing two buzzwords:

- **Easy to deploy:** Trivial to run in a container or as a system service (supervised by s6, systemd, etc.).
- **Easy to manage:** Uses SQLite to remove database administration work. Stream it with litestream and restart the service when needed.

## Roadmap

- [ ] Passable OIDC support with minimum JWT nonsense
  - [ ] OAuth 2.0
  - [ ] OIDC Core
  - [ ] OIDC Discovery
- [ ] At least a bare minimum security effort
  - [ ] Somewhat basic login page protection
  - [ ] TOTP
  - [ ] WebAuthn, maybe?
- [ ] Smooth management
  - [ ] Easy to admin via CLI
  - [ ] Easy to admin via API
  - [ ] Easy to admin via a basic panel
- [ ] Alternative storage?
  - [ ] PostgreSQL?
  - [ ] FoundationDB?

## Future Work

HSM (YubiHSM, maybe?) and/or Vault support would be *really* nice.

SAML? (oh god please no)

## Dependency Tracking

Things to watch in the project's dependencies:

- Check when `rsa` switches to `crypto-bigint`.
  - Will take some time; AFAIK `DynResidue` and its friends aren't up to the task yet.
- Find a way to get rid of `ahash`.

## License

```
Copyright (C) 2023 Aydin Mercan

This repository is licensed under the EUPL 1.2. The English version of the
text is included in the LICENSE file. Please refer to
https://joinup.ec.europa.eu/community/eupl/og_page/eupl for more information.
```