A centralized authentication and authorization service for all Forge Utah Foundation applications, featuring Slack OAuth integration and comprehensive role-based access control.
- Centralized Authentication Portal - Terminal-themed login page with Forge Utah branding
- Slack OAuth 2.0 - Secure authentication via Slack workspace
- Multi-Application Support - Single auth service for all Forge apps
- RBAC System - Role-based access control with 6 predefined roles
- JWT Tokens - Secure tokens with embedded roles and permissions
- Casbin Integration - Policy-based authorization engine
- TUI Test Client - Terminal interface for testing authentication
- Go to api.slack.com/apps
- Click "Create New App" → "From scratch"
- Name your app (e.g., "Forge Auth") and select the Forge Utah workspace
- Navigate to "OAuth & Permissions"
- Add redirect URL: `https://auth.forge.utah/callback` (or `http://localhost:3000/callback` for development)
- Add OAuth scopes under "User Token Scopes":
  - `users:read` - Read user profile
  - `users:read.email` - Access user email
  - `team:read` - Read workspace info
- Save your Client ID and Client Secret
```bash
cp .env.example .env
```

Edit `.env` with your configuration:

```bash
# Slack OAuth
SLACK_CLIENT_ID=your_slack_client_id
SLACK_CLIENT_SECRET=your_slack_client_secret
SLACK_REDIRECT_URI=http://localhost:3000/callback
SLACK_TEAM_ID=TC92KEFJT # Forge Utah workspace ID
# JWT Configuration
JWT_SECRET=your-secret-key-change-in-production
JWT_EXPIRY_HOURS=24
# Server
PORT=3000
SERVER_URL=http://localhost:3000
```

```bash
# Install dependencies
go mod download
# Run the auth server
go run cmd/auth-server/main.go
# In another terminal, test with TUI client
go run cmd/test-tui/main.go
```

Visit http://localhost:3000 to see the authentication portal.
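
A startup check for the `.env` keys above, as an added example (not code from the Forge repository). The names `validateEnv` and `readmeEnv`, the 32-byte secret minimum and the https-outside-localhost rule are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// validateEnv lists problems in the README's .env keys. Assumed policy: 32+ byte
// JWT secret, https outside localhost. The "your" prefix test is a heuristic.
func validateEnv(env map[string]string) []string {
	var problems []string
	for _, k := range []string{"SLACK_CLIENT_ID", "SLACK_CLIENT_SECRET", "SLACK_TEAM_ID", "JWT_SECRET"} {
		if v := env[k]; v == "" || strings.HasPrefix(v, "your") {
			problems = append(problems, k+": unset or still the .env.example placeholder")
		} else if k == "JWT_SECRET" && len(v) < 32 {
			problems = append(problems, k+": shorter than 32 bytes")
		}
	}
	if h, err := strconv.Atoi(env["JWT_EXPIRY_HOURS"]); err != nil || h < 1 {
		problems = append(problems, "JWT_EXPIRY_HOURS: must be a positive integer")
	}
	redirect, err1 := url.Parse(env["SLACK_REDIRECT_URI"])
	server, err2 := url.Parse(env["SERVER_URL"])
	if err1 != nil || err2 != nil || redirect.Host == "" || server.Host == "" {
		return append(problems, "SLACK_REDIRECT_URI/SERVER_URL: must be absolute URLs")
	}
	if redirect.Scheme != server.Scheme || redirect.Host != server.Host {
		problems = append(problems, "SLACK_REDIRECT_URI: origin differs from SERVER_URL")
	}
	if redirect.Scheme != "https" && redirect.Hostname() != "localhost" {
		problems = append(problems, "SLACK_REDIRECT_URI: plain http outside localhost")
	}
	return problems
}

// readmeEnv is the README's sample .env, unchanged, used here as test input.
func readmeEnv() map[string]string {
	return map[string]string{
		"SLACK_CLIENT_ID": "your_slack_client_id", "SLACK_CLIENT_SECRET": "your_slack_client_secret",
		"SLACK_REDIRECT_URI": "http://localhost:3000/callback", "SLACK_TEAM_ID": "TC92KEFJT",
		"JWT_SECRET": "your-secret-key-change-in-production", "JWT_EXPIRY_HOURS": "24", "SERVER_URL": "http://localhost:3000",
	}
}

func main() {
	fmt.Println(strings.Join(validateEnv(readmeEnv()), "\n"))
}
```

Run against the sample file as shipped, it reports the two Slack credentials and `JWT_SECRET` as placeholders; a server could refuse to start while the list is non-empty.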
For API integration:
```bash
# Check permission
curl -X POST http://localhost:3000/auth/check \
  -H "Content-Type: application/json" \
  -d '{"token": "your-jwt", "resource": "meetups", "action": "create"}'
# Get user roles
curl http://localhost:3000/auth/roles \
  -H "Authorization: Bearer your-jwt"
```

| Role | Description | Use Case |
|---|---|---|
| `viewer` | Read-only access (default) | New users, public visitors |
| `verified` | Can participate in community | Active community members |
| `moderator` | Content moderation | Community moderators |
| `meetup_organizer` | Create/manage events | Event organizers |
| `admin` | Organization management | Forge Utah staff |
| `super_admin` | Full system access | System administrators |

```text
forge-platform/
├── cmd/
│   ├── auth-server/          # Main authentication server
│   └── test-tui/             # Terminal UI test client
├── internal/auth/
│   ├── oauth_server.go       # OAuth flow handling
│   ├── rbac_service.go       # RBAC logic with Casbin
│   ├── rbac_store.go         # Role/permission storage
│   ├── rbac_handlers.go      # Authorization endpoints
│   ├── jwt.go                # JWT token management
│   ├── slack.go              # Slack API integration
│   ├── templates.go          # HTML templates
│   └── tui_client.go         # TUI authentication client
├── config/
│   ├── auth_model.conf       # Casbin RBAC model
│   └── auth_policy.csv       # Casbin policies
├── data/rbac/                # RBAC data storage
└── docs/
    ├── authentication.md     # Complete auth documentation
    ├── api-reference.md      # API endpoint reference
    └── deployment.md         # Production deployment guide
```

- Authentication Guide - Complete authentication and RBAC documentation
- API Reference - Detailed API endpoint documentation
- Deployment Guide - Production deployment instructions
- OAuth: `golang.org/x/oauth2` - OAuth 2.0 client
- Slack API: `slack-go/slack` - Official Slack SDK
- Authorization: `casbin/casbin/v2` - RBAC authorization
- JWT: `golang-jwt/jwt/v5` - JWT tokens
- Router: `gorilla/mux` - HTTP routing
- Config: `spf13/viper` - Configuration management

This is a Forge Utah Foundation project. For contributions, please:
- Fork the repository
- Create a feature branch
- Submit a pull request
© 2024 Forge Utah Foundation. All rights reserved.