MCPcopy
hub / github.com/authelia/authelia

github.com/authelia/authelia @v4.39.20 sqlite

repository ↗ · DeepWiki ↗ · release v4.39.20 ↗
8,026 symbols 43,151 edges 1,079 files 2,855 documented · 36%
README

Build Codecov OpenSSF Best Practices OpenSSF Scorecard SLSA 3 Go Report Card GitHub Release Docker Tag Docker Size Docker Pulls AUR source version AUR binary version AUR development version [License][Apache 2.0] Sponsor Discord Matrix

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests.

Documentation is available at https://www.authelia.com/.

The following is a simple diagram of the architecture:

Authelia can be installed as a standalone service from the AUR, APT, FreeBSD Ports, or using a static binary, .deb package, as a container on [Docker] or [Kubernetes].

Deployment can be orchestrated via the Helm Chart (beta) leveraging ingress controllers and ingress configurations.

Here is what Authelia's portal looks like:

<img src="https://www.authelia.com/images/light.png" width="400">












<img src="https://www.authelia.com/images/2fa-methods-light.png" width="400">

Features summary

This is a list of the key features of Authelia:

  • OpenID Connect 1.0 / OAuth 2.0
  • Several second factor methods:
  • Security Keys that support [FIDO2] [WebAuthn] with devices like a [YubiKey].
  • Time-based One-Time password with compatible authenticator applications.
  • Mobile Push Notifications with Duo.
  • Passwordless Authentication via WebAuthn (Passkeys)
  • Password reset with identity verification using email confirmation.
  • Access restriction after too many invalid authentication attempts.
  • Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request uri, request method, and network.
  • Choice between one-factor and two-factor policies per-rule.
  • Support of basic authentication for endpoints protected by the one-factor policy.
  • Highly available using a remote database and Redis as a highly available KV store.
  • Compatible with Traefik out of the box using the ForwardAuth middleware.
  • Curated configuration from LinuxServer via their SWAG container as well as a guide.
  • Compatible with [Caddy] using the forward_auth directive.
  • Kubernetes Support:
  • Compatible with several Kubernetes Ingress Controllers and Gateways:
  • Beta support for installing via Helm using our Charts.

For more details take a look at the [Overview](https://www.authelia.co

Extension points exported contracts — how you extend this code

Notifier (Interface)
Notifier interface for sending the identity verification link. [6 implementers]
internal/notification/notifier.go
PrivateKeyBuilder (Interface)
PrivateKeyBuilder interface for a private key builder. [9 implementers]
internal/utils/crypto.go
StartupCheck (Interface)
StartupCheck represents a provider that has a startup check. [16 implementers]
internal/model/types.go
Source (Interface)
Source is an abstract representation of a configuration configuration.Source implementation. [6 implementers]
internal/configuration/types.go
SubjectMatcher (Interface)
SubjectMatcher is a matcher that takes a subject. [16 implementers]
internal/authorization/types.go
SQLXConnection (Interface)
SQLXConnection is a *sqlx.DB or *sqlx.Tx. [6 implementers]
internal/storage/types.go
ClientRequesterResponder (Interface)
ClientRequesterResponder is a oauthelia2.Requster or fosite.Responder with a GetClient method. [13 implementers]
internal/oidc/types.go
UserProvider (Interface)
UserProvider is the interface for interacting with the authentication backends. [4 implementers]
internal/authentication/user_provider.go

Core symbols most depended-on inside this repo

Equal
called by 3285
internal/configuration/schema/types.go
Run
called by 1271
internal/service/provider.go
String
called by 1013
cmd/authelia-gen/types.go
EXPECT
called by 858
internal/mocks/totp.go
Len
called by 825
internal/oidc/util.go
Now
called by 690
internal/clock/provider.go
Set
called by 501
internal/clock/fixed.go
Push
called by 368
internal/configuration/schema/validator.go

Shape

Method 3,606
Function 3,418
Struct 683
Interface 237
TypeAlias 39
FuncType 20
Class 12
Enum 11

Languages

Go93%
TypeScript7%

Modules by API surface

internal/mocks/storage.go196 symbols
internal/oidc/types.go139 symbols
internal/configuration/validator/authentication_test.go118 symbols
internal/storage/provider.go95 symbols
internal/authentication/ldap_user_provider_test.go93 symbols
internal/storage/sql_provider.go91 symbols
internal/oidc/client.go88 symbols
internal/oidc/config.go83 symbols
internal/authentication/ldap_client_mock_test.go78 symbols
internal/middlewares/authelia_context.go76 symbols
internal/commands/storage_run_test.go75 symbols
internal/commands/storage_run.go70 symbols

Dependencies from manifests, versioned

authelia.com/provider/oauth2v0.2.31 · 1×
cel.dev/exprv0.25.1 · 1×
filippo.io/edwards25519v1.2.0 · 1×
github.com/Azure/go-ntlmsspv0.1.1 · 1×
github.com/Gurpartap/logrus-stackv0.0.0-2017071017090 · 1×
github.com/andybalholm/brotliv1.2.1 · 1×
github.com/antlr4-go/antlr/v4v4.13.1 · 1×
github.com/asaskevich/govalidatorv0.0.0-2023030114320 · 1×
github.com/authelia/jsonschemav0.1.7 · 1×
github.com/authelia/otpv1.0.4 · 1×
github.com/beorn7/perksv1.0.1 · 1×
github.com/boombuler/barcodev1.1.0 · 1×

Datastores touched

(mysql)Database · 1 repos

For agents

$ claude mcp add authelia \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact