Open Authenticator is a free, open-source and cross-platform TOTP manager. This repository contains the source code of its backend, allowing you to have access to your TOTPs on all your devices.
Tip
If you like this project, consider starring it on GitHub !
Open Authenticator Backend is powered by Nitro. You will need the following in order to be able to run it :
- A Node.js environment. Either a server or a serverless environment (eg. Cloudflare, Vercel, ...).
- A database. The connector should be compatible with DB0 (see all available connectors here). This is where all users' information will be stored.
- A storage. The connector should be compatible with unstorage (see all available drivers here). This is where all TOTPs will be stored.
- Optionally, an email account, for sending magic links.
- Optionally, a key-value storage provider, for storing rate limiting related data.
The backend is still in development. To install it, currently, you only have to clone the repository and build it.
git clone https://github.com/openauthenticator-app/backend.git
cd backend
npm install
npm run buildAnd to start it :
npm run startTo configure the backend, you'll have to edit backend.config.ts. For example, to host it on Cloudflare, you may want to configure it like this :
// noinspection ES6PreferShortImport
import { defineBackendConfig } from './utils/config'
export default defineBackendConfig({
enableRegistrations: false, // You can disable new user registrations if needed.
totps: {
storage: {
driver: 'cloudflare-r2-binding',
binding: 'BUCKET',
},
},
authentication: {
database: {
connector: 'cloudflare-d1',
options: {
// @ts-expect-error `bindingName` is not in the type definition.
bindingName: 'DATABASE',
},
},
providers: {
email: {
library: 'workermailer',
host: 'smtp.example.com',
port: 587,
username: 'noreply@example.com',
password: process.env.EMAIL_PASSWORD
},
},
},
rateLimiter: {
storage: {
driver: 'cloudflare-kv-binding',
binding: 'STORAGE',
},
},
})with bindings configured in a wrangler.json file. You may also need to configure some environment variables :
NODE_ENV='production' # You should be in production.
URL='https://example.com' # Your backend URL.
ADMIN_HEADER='Bearer SECURE_RANDOM_STRING' # Required to access /admin/* routes.
JWT_ACCESS_SECRET='ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt access tokens.
JWT_REFRESH_SECRET='ANOTHER_ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt refresh tokens.
JWT_REFRESH_PEPPER='ANOTHER_ANOTHER_ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt refresh tokens.
EMAIL_PASSWORD='YOUR_PASSWORD' # Used in the example above to authenticate your email address.For additional options, please refer to the default config.
Note
Don't forget to rebuild the server after each configuration change.
To (re)create the default tables, you'll have to head to /admin/reset with your previously defined ADMIN_HEADER set as the Authorization header. To prune unnecessary data, go to /admin/prune.
To use your own backend in the app, you'll have to go to the settings, and then choose Change backend URL. Put your own backend URL here, et voilà !
Contributions are more than welcome. For setup details, contribution rules and PR expectations, read the guidelines.
You can also help by :
- reporting bugs or suggesting features in the issue tracker ;
- submitting fixes for documentation, UI text or code.
If you want to support Open Authenticator financially, you can use :
Open Authenticator Backend is licensed under the GNU General Public License v3.0.
