£40 pledged of £3,500 goal
4 backers
Funding Unsuccessful
The project's funding goal was not reached on Fri, August 22 2014 3:29 PM UTC +00:00
By Alberto Zuin

About

In our life we are developers: we make mobile and web applications, but every time we start a new project we have to choose how the user must authenticate. The question is always the same: is it better to have a local user database or to rely on public authentication systems like social network APIs?

After many projects, we realized that the protocol used by many social network APIs (OAuth2) is a killer application, but it is very slow to use remotely, because we want to be sure that the user is authenticated at every API request. In fact, it is now common to split a complete application into an API-only web application, consumed by a "stupid" interface such as a mobile app or a JavaScript-only web interface. So, in this case (our case), having a local authentication mechanism is better, because we can verify the token's validity at every API request without slowing down the user experience too much.

Also, in many web applications we have to bill the user: having a secure place for authentication and billing would be great!

Here we go: we built an OAuth2 server integrated with Stripe for billing the user, with security and speed in mind! We release it completely open source in a GitHub repository, so everyone can download it for free and use it in their own infrastructure... and can also contribute to make the code better.

But we think a working system isn't a complete system, especially where more and more security is needed; also, creating an open-source community around this project will be a slow activity. So we are here to raise money to complete some "extras" that can transform our artisan system into a professional one.

With the money raised we want to:

  • complete the code with many, many tests, to be sure we don't break anything when we update the code
  • add PayPal to the list of payment gateway providers
  • add the possibility to link and log in using social networks
  • integrate it with SMS to have two-factor authentication
  • request a professional penetration test to be more sure about security
  • create decent documentation to install and configure it

Some tech:

  • The web interface was made with Twitter Bootstrap, so it is easy to maintain and adapt.
  • The OAuth2 server is written in Ruby on Rails but is compatible with JRuby for maximizing speed and concurrency; we are thinking of migrating the core of the authentication system to an even more powerful language like Scala or node.js.
  • The database backend is MongoDB, because our application doesn't make intensive relational queries.
  • We use a high-speed Redis database to store user tokens, to improve speed.
  • We make intensive use of CSRF tokens, also in the API, for security.
  • The user token is in JWT format, so the client application can decode it locally to have all the user information, without making a second API call.
  • In the "check_token" method, we check the user token's syntax before making a query to the Redis DB, so we leave it free in case of a brute-force attack; it is also possible to activate a Bloom filter to blacklist syntactically correct but invalid tokens.
  • We support 3 authentication methods: classic OAuth2 authorization_code/user_token, implicit, and user/password login. You can choose which methods are better to enable for each application.
  • You can force it to work in a "single-application" mode: in this case, we don't use the DB to read application data, so better performance again.
  • We use a user_token/renew_token pair, expiring the first one often to improve security.
  • About billing: every payment gateway has its own billing philosophy, but we chose a way to be compatible with every one. The user has an internal money balance and can top it up. Your application can subtract money from this balance using a simple API.
  • The application can set up a subscription, and the fee will be subtracted from the user's balance at every expiry.
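Added example, written for this page and not code from the project's GitHub repository: a small Ruby sketch of the check_token ordering described in the list above (JWT user token, syntax check before the Redis query, optional Bloom filter). The point it shows is the cost ladder: a request is rejected on JWT shape, then on the HS256 signature (compared in constant time), then on expiry, all without touching the token store; only a token that survives those steps and that a Bloom filter of revoked token ids flags as "maybe revoked" causes a store lookup. Everything concrete is an assumption made here: the shared secret, the in-memory Hash standing in for the Redis store, the lookup counter, the filter sizing, the claim names and the token ids are constructed for the example. The filter holds revoked ids, following the page's "blacklist" wording, because a Bloom filter has no false negatives: a "not present" answer can be trusted without a store query, and a false positive only costs one extra lookup, never a wrongly rejected live token.

```ruby
require 'openssl'
require 'json'
require 'digest'

# Constructed for the example: a real server keeps its signing key in a secret store.
HMAC_SECRET = 'example-shared-secret-do-not-reuse'.freeze
JWT_SHAPE   = /\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z/

# Stand-ins for the Redis-backed state: a set of revoked token ids (jti) and a
# counter recording how many check_token calls actually reached the store.
REVOKED_STORE = {}
STORE_LOOKUPS = [0]

# Bloom filter over revoked token ids. It can answer "maybe" wrongly (false
# positive) but never "no" wrongly, so a negative answer needs no store lookup.
class BloomFilter
  def initialize(bits: 4096, hashes: 4)
    @bits = bits
    @hashes = hashes
    @field = Array.new(bits, false)
  end

  def add(item)
    positions(item).each { |i| @field[i] = true }
  end

  def maybe_include?(item)
    positions(item).all? { |i| @field[i] }
  end

  private

  # k bit positions taken from one SHA-256 digest, 4 bytes per position.
  def positions(item)
    digest = Digest::SHA256.digest(item.to_s)
    (0...@hashes).map { |k| digest[k * 4, 4].unpack1('N') % @bits }
  end
end

REVOKED_FILTER = BloomFilter.new

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0') # strict decoding raises ArgumentError on junk
end

# Length check, then XOR over every byte, so a wrong signature leaks nothing by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign(signing_input)
  b64url_encode(OpenSSL::HMAC.digest('SHA256', HMAC_SECRET, signing_input))
end

# HS256 JWT carrying the subject, a token id and an expiry (claim names assumed here).
def issue_token(user_id, jti, expires_at)
  header  = b64url_encode(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  payload = b64url_encode(JSON.generate({ sub: user_id, jti: jti, exp: expires_at }))
  signing_input = "#{header}.#{payload}"
  "#{signing_input}.#{sign(signing_input)}"
end

def revoke_token(jti)
  REVOKED_STORE[jti] = true
  REVOKED_FILTER.add(jti)
end

# Returns [status, claims]; claims is nil unless status is :ok.
def check_token(token, now: Time.now.to_i)
  # 1. Shape check: anything not JWT-shaped costs one regex match and nothing else.
  return [:malformed, nil] unless token.is_a?(String) && token.match?(JWT_SHAPE)
  header, payload, sig = token.split('.')
  # 2. Local signature check: forged or tampered tokens stop here, store untouched.
  return [:bad_signature, nil] unless secure_equal?(sig, sign("#{header}.#{payload}"))
  claims = JSON.parse(b64url_decode(payload))
  return [:malformed, nil] unless claims.is_a?(Hash)
  return [:expired, nil] if claims['exp'].to_i <= now
  # 3. Filter says "definitely not revoked": accept from the JWT alone.
  return [:ok, claims] unless REVOKED_FILTER.maybe_include?(claims['jti'])
  # 4. Possible revocation (or a filter false positive): confirm with the store.
  STORE_LOOKUPS[0] += 1
  REVOKED_STORE.key?(claims['jti']) ? [:revoked, nil] : [:ok, claims]
rescue JSON::ParserError, ArgumentError
  [:malformed, nil]
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  live = issue_token('demo-user', 'demo-jti', now + 600)
  puts "live token:       #{check_token(live, now: now).first}"
  puts "junk input:       #{check_token('definitely-not-a-jwt', now: now).first}"
  revoke_token('demo-jti')
  puts "after revocation: #{check_token(live, now: now).first}"
  puts "store lookups:    #{STORE_LOOKUPS[0]}"
end
```

Run it as a script and the lookup counter ends at 1: the junk input and the live token never reached the store, only the revoked token did. That is the property the check_token bullet is after: a flood of malformed or mis-signed requests is absorbed at regex and HMAC cost, and the store only pays for state the signature cannot carry, such as revocation.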

Risks and challenges

This project, like many others coming from us, was born to respond to an internal necessity, so we are happy to continue maintaining it.
We chose to make the project open source from the beginning and make it available via GitHub, so you can see the progress in real time.


Support

  1. Pledge £1 or more (about $1.27): a "Big Thanks" audio recording from the author. 0 backers.
  2. Pledge £10 or more (about $13): a "Big Thanks" audio recording from the author, plus a text link on our "sponsor" web page. 4 backers.
  3. Pledge £50 or more (about $63): a "Big Thanks" audio recording from the author, plus an image link on our "sponsor" web page. Also, on the home page, 3 randomly selected sponsors will be shown at every load. 0 backers.
  4. Pledge £100 or more (about $127): customization of the texts of mails and web pages, according to your indications. Limited; 0 backers.
  5. Pledge £300 or more (about $380): customization of the text and layout of mails and web pages, according to your indications. Limited; 0 backers.
  6. Pledge £500 or more (about $633): installation of the application on a VM in your infrastructure. Limited; 0 backers.
  7. Pledge £1,000 or more (about $1,266): installation of a cluster of VMs in your infrastructure to provide high availability and the possibility of scaling. Limited; 0 backers.
  8. Pledge £2,000 or more (about $2,532): adding the feature you want. Limited; 0 backers.

Funding period

30 days