Authentication, SSO, user management, and overall identity solution for Node.js
Character is a turnkey solution that makes it faster, easier, and cheaper to add a complete user system for your applications:
- authentication
- SSO
- system administration
- user management
- and more ...
You don't have to use all the features. Character is modular, so you can use only the features you need.
Install Character from npm:

```sh
$ npm install character
```
You also need to install the peer dependencies.
Character exports an Express Router which can be mounted onto any Express 4.x app with `app.use`. This is a clean mount which does not interfere with existing routes, because almost all middleware is mounted under `/auth` (configurable).
It reads its configuration from `character.yml` by default (configurable).
Here is example usage from the Local authenticator example:
```js
// Express 4.x app that the Character router is mounted onto
const express = require('express')
const app = express()

// Load Character core and plugins
const character = require('character')()
const authentication = require('character/authentication')
character.use(authentication)

// Attach as Express middleware
app.use(character.create())

// Protect any route with `req.isAuthenticated`
app.get('/restricted', (req, res) => {
  if (req.isAuthenticated()) {
    res.send('Hello world')
  } else {
    res.redirect('/login')
  }
})
```
Note how `authentication` was added as a plugin. The modular nature of Character makes it easy to build a custom identity solution.
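The `req.isAuthenticated()` check from the usage example can be factored into a reusable guard that denies by default. This is an added example, not code from Character: `requireAuth`, `runGuard` and the `loginPath` option are hypothetical names, and the mock request/response objects are constructed so the guard runs without a server.

```javascript
// Added example, not Character's code. Only req.isAuthenticated() and the
// '/login' redirect come from the README; every other name is hypothetical.
function requireAuth (options = {}) {
  const loginPath = options.loginPath || '/login' // path used in the README example
  return function guard (req, res, next) {
    // Fail closed: when Character has not been mounted ahead of this guard,
    // req.isAuthenticated does not exist and the request is denied.
    const authed = typeof req.isAuthenticated === 'function' &&
      Boolean(req.isAuthenticated())
    if (authed) return next()

    // Browsers navigating with GET are sent to the login page; API clients
    // and state-changing methods get 401 instead of a redirect.
    const accept = (req.headers && req.headers.accept) || ''
    if (req.method !== 'GET' || accept.includes('application/json')) {
      res.statusCode = 401
      return res.end('Unauthorized')
    }
    return res.redirect(loginPath)
  }
}

// Constructed stand-ins for Express req/res that record what the guard did.
function runGuard (guard, req) {
  const outcome = { next: false, status: null, redirect: null }
  const res = {
    statusCode: 200,
    end () { outcome.status = this.statusCode },
    redirect (to) { outcome.status = 302; outcome.redirect = to }
  }
  const fullReq = Object.assign({ method: 'GET', headers: {} }, req)
  guard(fullReq, res, () => { outcome.next = true })
  return outcome
}

const guard = requireAuth()
console.log(runGuard(guard, { isAuthenticated: () => true }))  // handler runs
console.log(runGuard(guard, { isAuthenticated: () => false })) // redirect to login
console.log(runGuard(guard, {}))                               // Character not mounted
console.log(runGuard(guard, { method: 'POST', isAuthenticated: () => false })) // 401
```

In an Express app the guard would be passed as route middleware, for example `app.get('/restricted', requireAuth(), handler)`, registered after `app.use(character.create())`.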
- Overview
- Examples
- Local authentication (username + password)
Presently there are two main options for building Node.js applications:
- build and support a custom solution with a low-level library, e.g. Passport
- use a commercial service, e.g. Auth0
Character combines the key benefits of both options. Install it on your own server and keep control of your own data!
Benefit | Custom solution | Character | Commercial service |
---|---|---|---|
Save R&D time and money with a pre-built solution | ✅ | ✅ | |
Secure your applications with best-practices and security updates | ✅ | ✅ | |
Protect against known vulnerabilities | ✅ | ✅ | |
Use a security-audited and penetration-tested solution | (planned) | ❔ | |
On-premise: comply with your enterprise security requirements | ✅ | ✅ | ❔ |
Open source: verify the code that handles your user data | ✅ | ✅ | |
Keep your user data out of third-party hands | ✅ | ✅ | |
Avoid costly service fees (e.g. for registered but inactive users) | ✅ | ✅ | |
Avoid complicated licensing fee structures | ✅ | ✅ | |
Target for initial release
- Authentication
  - Local: username / password
  - Support for third-party authenticators (similar to Passport strategies)
- Configuration panel
- Registration
- User administration panel

- Authentication
  - Passwordless / magic links
  - LDAP
  - OAuth
  - Social logins
  - Two-factor / multi-factor
  - ... and other authenticators (similar to Passport strategies)
- Auditing
- Role-based access control (RBAC)
- Account linking (e.g. link a Facebook and LinkedIn login to the same account/identity)
- Password resets and invalidation
- Single sign-on
- User on-boarding experience
- Account locking / anomaly detection
- Honeypots
- Password hash upgrading
This project welcomes contributions from the community. Contributions are accepted using GitHub pull requests; for more information, see GitHub documentation - Creating a pull request.
For a good pull request, we ask that you provide the following:
- Include a clear description of your pull request, covering the basic "what" and "why" of the request.
- The tests should pass as best as you can manage. GitHub will automatically run the tests as well, to act as a safety net.
- The pull request should include tests for the change. A new feature should have tests for the new feature, and a bug fix should include a test that fails without the corresponding code change and passes after it is applied.
- If the pull request is a new feature, please include appropriate documentation in the `Readme.md` file as well.
- To help ensure that your code is similar in style to the existing code, run the command `npm run lint` and fix any displayed issues.
Create a GitHub issue to report a bug. Please provide sufficient details to reproduce the bug, such as version numbers, error logs, and example code if possible.
If you have discovered a security-related bug, please do NOT use the GitHub issue tracker. Send an email to [email protected].
The lead author is Faraz Syed.
Create a GitHub issue to ask a question. Make sure to add `[question]` to the beginning of your issue's title.
Commercial support is also available:
- Consulting (install, config, maintain, upgrade, migrate)
- Sponsored feature development
- Training
- Future: Hosted Character / SaaS
Commercial support contact: [email protected]