Autha
Autha, pronounced Otter 🦦, is the service that manages user accounts and the associated delegation. ☄️
Autha is an OAuth2 server written in Rust for extremely low resource usage, low latency and high request throughput.
It implements an account creation, connection and authorization delegation system.
Security
We want to guarantee our users increased security. This way, all users can see how we store data and also help us to improve the cryptographic systems.
- Argon2 & ChaCha20Poly1305 are the two hashing and cryptographic systems used
- Short expiration time (< 15 min.)
- JWT with asymmetric key
- One-Time Usage OAuth token
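One way to enforce the one-time-use and short-expiry properties listed above, as an added example that is not Autha's own code. The `OneTimeTokens` store, its method names, the in-memory map and reading `/dev/urandom` (Unix-like host) are assumptions, as is applying the 15-minute bound to one-time tokens.

```rust
use std::collections::HashMap;
use std::fs::File;
use std::io::Read;

// Bound taken from the "< 15 min." bullet; using it for one-time tokens is an assumption.
pub const MAX_TTL_SECS: u64 = 15 * 60;

#[derive(Debug, PartialEq)]
pub enum RedeemError { Unknown, Expired }

// Hypothetical in-memory store: token -> deadline (Unix seconds).
#[derive(Default)]
pub struct OneTimeTokens { expiry: HashMap<String, u64> }

impl OneTimeTokens {
    // Issue a 256-bit random token; the requested TTL is capped at MAX_TTL_SECS.
    pub fn issue(&mut self, now: u64, ttl: u64) -> std::io::Result<String> {
        let mut raw = [0u8; 32];
        File::open("/dev/urandom")?.read_exact(&mut raw)?;
        let token: String = raw.iter().map(|b| format!("{:02x}", b)).collect();
        self.expiry.insert(token.clone(), now + ttl.min(MAX_TTL_SECS));
        Ok(token)
    }

    // The entry is removed before the deadline is checked, so every token
    // (valid or expired) can be presented exactly once; a replay is Unknown.
    pub fn redeem(&mut self, token: &str, now: u64) -> Result<(), RedeemError> {
        match self.expiry.remove(token) {
            None => Err(RedeemError::Unknown),
            Some(deadline) if now >= deadline => Err(RedeemError::Expired),
            Some(_) => Ok(()),
        }
    }

    // Drop tokens that were never redeemed and have expired; returns how many.
    pub fn purge(&mut self, now: u64) -> usize {
        let before = self.expiry.len();
        self.expiry.retain(|_, deadline| *deadline > now);
        before - self.expiry.len()
    }
}

fn main() -> std::io::Result<()> {
    let mut store = OneTimeTokens::default();
    let t = store.issue(1_000, 600)?;
    println!("first  : {:?}", store.redeem(&t, 1_100));
    println!("replay : {:?}", store.redeem(&t, 1_101));
    Ok(())
}
```

With several server instances the same remove-then-check step has to be a single atomic operation in the shared store, otherwise two concurrent redemptions of one token can both succeed.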
Argon2
Argon2id is a key derivation function that resists side-channel attacks and is more resistant to GPU cracking attacks.
It lets us control the amount of memory used (normally 1GB), the degree of parallelism and the number of iterations.
ChaCha20Poly1305
ChaCha20 is an encryption function built around a pseudorandom function.
Poly1305 (MAC) verifies the integrity of the data as well as its authenticity.
ChaCha20Poly1305 is an AEAD algorithm standardized in an RFC. It provides both authenticity and confidentiality.
Database
We try to use high-performance databases to optimize critical response times.
- Apache Cassandra
- Redis
Cassandra
Apache Cassandra is a fast, fault-tolerant and ultra-scalable distributed database optimized for write-heavy workloads.
We use Cassandra to manage user accounts and security; every significant action taken by the user is logged.
Redis
Redis is an extremely fast in-memory key-value database. We use it to cache public user data and serve it quickly, and to take load off Cassandra.