README

[
][Apache 2.0]

Authelia is an open-source authentication and authorization server providing two-factor authentication and single
sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by
allowing, denying, or redirecting requests.
Documentation is available at https://www.authelia.com/.
The following is a simple diagram of the architecture:

Authelia can be installed as a standalone service from the AUR,
APT,
FreeBSD Ports, or using a
static binary,
.deb package, as a container on [Docker] or [Kubernetes].
Deployment can be orchestrated via the Helm Chart (beta) leveraging ingress controllers
and ingress configurations.

Here is what Authelia's portal looks like:
<img src="https://www.authelia.com/images/light.png" width="400">
<img src="https://www.authelia.com/images/2fa-methods-light.png" width="400">
Features summary
This is a list of the key features of Authelia:
- OpenID Connect 1.0 / OAuth 2.0
- Several second factor methods:
- Security Keys that support
[FIDO2] [WebAuthn] with devices like a [YubiKey].
- Time-based One-Time password
with compatible authenticator applications.
- Mobile Push Notifications
with Duo.
- Passwordless Authentication via WebAuthn (Passkeys)
- Password reset with identity verification using email confirmation.
- Access restriction after too many invalid authentication attempts.
- Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request uri,
request method, and network.
- Choice between one-factor and two-factor policies per-rule.
- Support of basic authentication for endpoints protected by the one-factor policy.
- Highly available using a remote database and Redis as a highly available KV store.
- Compatible with Traefik out of the box using the
ForwardAuth middleware.
- Curated configuration from LinuxServer via their
SWAG container as well as a
guide.
- Compatible with [Caddy] using the forward_auth
directive.
- Kubernetes Support:
- Compatible with several Kubernetes Ingress Controllers and Gateways:
- Beta support for installing via Helm using our Charts.
For more details take a look at the [Overview](https://www.authelia.co
Extension points exported contracts — how you extend this code
Notifier (Interface)
Notifier interface for sending the identity verification link. [6 implementers]
internal/notification/notifier.go
PrivateKeyBuilder (Interface)
PrivateKeyBuilder interface for a private key builder. [9 implementers]
internal/utils/crypto.go
StartupCheck (Interface)
StartupCheck represents a provider that has a startup check. [16 implementers]
internal/model/types.go
Source (Interface)
Source is an abstract representation of a configuration configuration.Source implementation. [6 implementers]
internal/configuration/types.go
SubjectMatcher (Interface)
SubjectMatcher is a matcher that takes a subject. [16 implementers]
internal/authorization/types.go
SQLXConnection (Interface)
SQLXConnection is a *sqlx.DB or *sqlx.Tx. [6 implementers]
internal/storage/types.go
ClientRequesterResponder (Interface)
ClientRequesterResponder is a oauthelia2.Requster or fosite.Responder with a GetClient method. [13 implementers]
internal/oidc/types.go
UserProvider (Interface)
UserProvider is the interface for interacting with the authentication backends. [4 implementers]
internal/authentication/user_provider.go
Core symbols most depended-on inside this repo
Equal
called by 3285
internal/configuration/schema/types.go
Run
called by 1271
internal/service/provider.go
String
called by 1013
cmd/authelia-gen/types.go
EXPECT
called by 858
internal/mocks/totp.go
Len
called by 825
internal/oidc/util.go
Now
called by 690
internal/clock/provider.go
Set
called by 501
internal/clock/fixed.go
Push
called by 368
internal/configuration/schema/validator.go
Shape
Method
3,606
Function
3,418
Struct
683
Interface
237
TypeAlias
39
FuncType
20
Class
12
Enum
11
Languages
Go93%
TypeScript7%
Modules by API surface
internal/mocks/storage.go196 symbols
internal/oidc/types.go139 symbols
internal/configuration/validator/authentication_test.go118 symbols
internal/storage/provider.go95 symbols
internal/authentication/ldap_user_provider_test.go93 symbols
internal/storage/sql_provider.go91 symbols
internal/oidc/client.go88 symbols
internal/oidc/config.go83 symbols
internal/authentication/ldap_client_mock_test.go78 symbols
internal/middlewares/authelia_context.go76 symbols
internal/commands/storage_run_test.go75 symbols
internal/commands/storage_run.go70 symbols
Dependencies from manifests, versioned
authelia.com/provider/oauth2v0.2.31 · 1×
filippo.io/edwards25519v1.2.0 · 1×
github.com/Azure/go-ntlmsspv0.1.1 · 1×
github.com/Gurpartap/logrus-stackv0.0.0-2017071017090 · 1×
github.com/andybalholm/brotliv1.2.1 · 1×
github.com/antlr4-go/antlr/v4v4.13.1 · 1×
github.com/asaskevich/govalidatorv0.0.0-2023030114320 · 1×
github.com/authelia/jsonschemav0.1.7 · 1×
github.com/authelia/otpv1.0.4 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/boombuler/barcodev1.1.0 · 1×
Datastores touched
(mysql)Database · 1 repos