Auth is a self-hosted authentication provider that integrates into Traefik. It is designed to be a simple, easy to use, and secure way to secure web applications, that don’t have their own authentication system (or I deemed it annoying for them to have their own and wanted to use a common one).
Architecture wise it’s built in what for me would be the default by now: It uses SvelteKit and Prisma, and is deployed as a Docker Container, built within Gitlab CI/CD.
How it works
The application acts as a middleware in Traefik, so it can be added to any web application. It itself also has it’s own subdomain which it uses to serve the login page and the management interface.
Traefik is configured to check if the request contains a valid session (this is done through an internal request). If the session is not valid (or not present at all), the user will be redirected to the login page, with the origin being remembered as part of the URL.
There the user can either login via a passkey (webauthn) or by scanning the visible QR code with their phone (or another authenticated device). After a successful login, the user is redirected back to the origin and can use the application transparently.