Authorization codes were implemented as stateless JWTs with no tracking, allowing the same code to be exchanged for tokens multiple times. This violates OAuth 2.0 RFC 6749 Section 4.1.2, which mandates that authorization codes MUST be single-use.

This change:
- Adds oidc_authorization_codes table to track code usage
- Stores authorization codes in database when generated
- Validates code exists and hasn't been used before exchange
- Marks code as used immediately after validation
- Prevents replay attacks where intercepted codes could be reused

Security impact:
- Prevents attackers from reusing intercepted authorization codes
- Ensures compliance with OAuth 2.0 security requirements
- Adds database-backed single-use enforcement
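The single-use enforcement described in the commit message, as an added example that is not Tinyauth's code: a Go store that issues random authorization codes, records them, and redeems each one at most once. An in-memory map guarded by a mutex stands in for the oidc_authorization_codes table; the record fields, the one-minute lifetime, the SHA-256 hashing of stored codes and the client/redirect-URI binding are assumptions made for the illustration, not details taken from the project.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Distinct errors for the caller; a token endpoint would collapse all of
// them into the RFC 6749 Section 5.2 "invalid_grant" error in its response.
var (
	ErrCodeUnknown  = errors.New("authorization code not found")
	ErrCodeUsed     = errors.New("authorization code already redeemed")
	ErrCodeExpired  = errors.New("authorization code expired")
	ErrCodeMismatch = errors.New("client or redirect URI does not match the code")
)

// codeRecord is the in-memory stand-in for one table row (hypothetical
// columns chosen for this example, not Tinyauth's schema).
type codeRecord struct {
	clientID    string
	redirectURI string
	expiresAt   time.Time
	used        bool
}

// CodeStore keys records by the SHA-256 of the code, so a dump of the store
// does not yield redeemable codes.
type CodeStore struct {
	mu    sync.Mutex
	now   func() time.Time // injectable clock, used by the tests
	ttl   time.Duration
	codes map[string]*codeRecord
}

func NewCodeStore(ttl time.Duration) *CodeStore {
	return &CodeStore{now: time.Now, ttl: ttl, codes: map[string]*codeRecord{}}
}

func hashCode(code string) string {
	sum := sha256.Sum256([]byte(code))
	return hex.EncodeToString(sum[:])
}

// Issue mints a 256-bit random code and records it as unused.
func (s *CodeStore) Issue(clientID, redirectURI string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	code := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[hashCode(code)] = &codeRecord{
		clientID:    clientID,
		redirectURI: redirectURI,
		expiresAt:   s.now().Add(s.ttl),
	}
	return code, nil
}

// Redeem validates the code and marks it used inside one critical section.
// Against a real database the equivalent is a single conditional write such
// as UPDATE ... SET used_at = now() WHERE code_hash = ? AND used_at IS NULL,
// then checking that exactly one row changed: a SELECT followed by a
// separate UPDATE leaves a window in which two concurrent exchanges succeed.
func (s *CodeStore) Redeem(code, clientID, redirectURI string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.codes[hashCode(code)]
	if !ok {
		return ErrCodeUnknown
	}
	if rec.used {
		// RFC 6749 Section 4.1.2 also says the server SHOULD revoke tokens
		// already issued for a replayed code; that hook is left to the caller.
		return ErrCodeUsed
	}
	if !s.now().Before(rec.expiresAt) {
		return ErrCodeExpired
	}
	// Burn the code on mismatch as well: a code presented by the wrong
	// client or with another redirect URI is treated as compromised.
	rec.used = true
	if rec.clientID != clientID || rec.redirectURI != redirectURI {
		return ErrCodeMismatch
	}
	return nil
}

// ReplayDemo issues one code and exchanges it twice, returning both results.
func ReplayDemo() (first, second error) {
	store := NewCodeStore(time.Minute)
	code, err := store.Issue("client-a", "https://app.example/callback")
	if err != nil {
		return err, err
	}
	first = store.Redeem(code, "client-a", "https://app.example/callback")
	second = store.Redeem(code, "client-a", "https://app.example/callback")
	return first, second
}

func main() {
	first, second := ReplayDemo()
	fmt.Println("first exchange:", first) // nil
	fmt.Println("replay:", second)        // authorization code already redeemed
}
```

Used and expired rows still need to be purged eventually; with a database table that is a periodic DELETE on expires_at, which the example omits.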
Tinyauth is a simple authentication middleware that adds a login screen or OAuth with Google, GitHub or any other provider to all of your apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
Warning
Tinyauth is in active development and configuration may change often. Please make sure to carefully read the release notes before updating.
Getting Started
You can easily get started with Tinyauth by following the guide in the documentation. There is also a docker compose file available with Traefik, Whoami and Tinyauth to demonstrate its capabilities.
Demo
If you are still not sure if Tinyauth suits your needs you can try out the demo. The default username is user and the default password is password.
Documentation
You can find documentation and guides on all of the available configuration of Tinyauth in the website.
If you wish to contribute to the documentation head over to the repository.
Discord
Tinyauth has a Discord server. Feel free to hop in to chat about self-hosting, homelabs and of course Tinyauth. See you there!
Contributing
All contributions to the codebase are welcome! If you have any free time feel free to pick up an issue or add your own missing features. Make sure to check out the contributing guide for instructions on how to get the development server up and running.
Localization
If you would like to help translate Tinyauth into more languages, visit the Crowdin page.
License
Tinyauth is licensed under the GNU General Public License v3.0. TL;DR — You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build & install instructions. For more information about the license check the license file.
Sponsors
A big thank you to the following people for providing me with more coffee:
Acknowledgements
- Freepik for providing the police hat and badge.
- Renee French for the original gopher logo.
- Coderabbit AI for providing free AI code reviews.
- Syrhu for providing the background image of the app.