Authress
User authorization API for software makers
Plug in security integration to your software app. APIs to manage users, permissions, groups, roles, and lots more.
Security doesn't stop at user login, use Authress to fill the gaps.
It seems a day doesn't go by when I've heard about needing to share credentials with someone else. And while I try to deny the need to do this, it just keeps on happening.
We evaluated a bunch of the ones out there and even the open source ones still didn't support Client Side Encryption. And there really is a fundamental need for that. All credentials should be encrypted on the client side before shared, and yet, for some reason none of them do this.
So we've made an open source and completely free quick solution to Share temporary credentials. The source is of course available on GitHub. It's a community edition so everything is free and no account is required.
I hope you think twice before sharing credentials, and three times before you send them over email or Slack.
We've completely redid our knowledge base, it is now better than ever with better UX, better pages, and most importantly a search function. You can know search for all those annoying security related things in just one place. How awesome is that!
And know we have our very own Release Notes page as well, so you don't have to track our updates on IndieHackers, you can get them at the source.
After many months of work, Authress has officially released a user privacy-first federated login solution. Allows for drop in replacements of Google, Twitter, or other login providers, and unlike it's predecessors actually secures user data instead of using it for anything else. With core features such as user configured data residency and passkey support, password managers are no more, and you don't have to worry about integrations with many kinds of providers.
Now you can consume authentication and authorization events emitted by Authress to trigger custom actions or integrate with your existing SIEM (Security Information and Event Management) system through AWS EventBridge without any extra effort.
https://authress.io/knowledge-base/aws-event-bridge-audit-trail
Authress has always supported all those annoying OAuth credentials flow. However, now it also supports storing and retrieving access tokens generated by refresh tokens, without making any changes to configuration.
Your offline and refresh token access will automatically be available when requested:
https://authress.io/knowledge-base/using-refresh-tokens-and-provider-scopes
Some CI/CD platforms which build your solutions provide easy ways to authenticate to your cloud provider. Most Don't. And even when they do like Gitlab, the JWT isn't quite right. Authress now provides a seamless strategy so your CI/CD can use JWT to log in and not have to rely on access tokens or secrets.
We use AWS Lambda heavily, and even when we don't it was difficult to find a full featured library to validate incoming requests to our service.
It's always critical to validate user inputs, but as an API first product it's also important for this to be done right. It has to match our api docs exactly or else users are going to complain.
That's why we are happy to release the open source request validator which utilizes any OpenAPI spec for validation: OpenApi Validator
Hope that helps the community, make great apis!
We've completely redesigned our API UI to power our users security implementation. Before it was just a poor swagger-ui integration, but we hated that. And so did our users. So instead we've decided to open source a really pretty API explorer. We're using it, and we hope everyone of our users like it too.
Also we're sharing it with IndieHackers because we don't want anyone to have to build their own API explorer like we did:
Move over Firebase and Cognito, you've got nothing on Authress Login. Today Authress releases user login, adding much anticipated authentication to the portfolio of authorization security already provided.
Now you can easily aggregate your login providers in just one place. And even better there's no limit on the number of applications or connections you create. Go to town!
The first one too a bit longer than we wanted but it's up. Authress now reviews application security for products and suggest possible issues and solutions.
Check it out:
Zoombombing: a case study of data protection
