Open Authenticator Backend

The backend of Open Authenticator.
Installation »

Website · App · Backend · Contribute

Open Authenticator is a free, open-source and cross-platform TOTP manager. This repository contains the source code of its backend, allowing you to have access to your TOTPs on all your devices.

If you like this project, consider starring it on GitHub !

Open Authenticator Backend is powered by Nitro. You will need the following in order to be able to run it :

• A Node.js environment. Either a server or a serverless environment (eg. Cloudflare, Vercel, ...).
• A database. The connector should be compatible with DB0 (see all available connectors here). This is where all users' information will be stored.
• A storage. The connector should be compatible with unstorage (see all available drivers here). This is where all TOTPs will be stored.
• An email account, for sending magic links.
• Optionally, a key-value storage provider, for storing rate limiting related data.

The backend is still in development. To install it, currently, you only have to clone the repository and build it.

git clone https://github.com/openauthenticator-app/backend.git
cd backend
npm install
npm run build

To start it :

npm run start

To configure the backend, you'll have to edit backend.config.ts. For example, to host it on Cloudflare, you may want to configure it like this :

// noinspection ES6PreferShortImport
import { defineBackendConfig } from './utils/config'

export default defineBackendConfig({
  enableRegistrations: false, // You can disable new user registrations if needed.
  totps: {
    storage: {
      driver: 'cloudflare-r2-binding',
      binding: 'BUCKET',
    },
  },
  authentication: {
    database: {
      connector: 'cloudflare-d1',
      options: {
        // @ts-expect-error `bindingName` is not in the type definition.
        bindingName: 'DATABASE',
      },
    },
    providers: {
      email: {
        library: 'workermailer',
        host: 'smtp.example.com',
        port: 587,
        username: '[email protected]',
        password: process.env.EMAIL_PASSWORD
      },
    },
  },
  rateLimiter: {
    storage: {
      driver: 'cloudflare-kv-binding',
      binding: 'STORAGE',
    },
  },
})

with bindings configured in a wrangler.json file. You may also need to configure some environment variables :

NODE_ENV='production' # You should be in production.
URL='https://example.com' # Your backend URL.
ADMIN_HEADER='Bearer SECURE_RANDOM_STRING' # Allows to access /admin/* routes.
JWT_ACCESS_SECRET='ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt access tokens.
JWT_REFRESH_SECRET='ANOTHER_ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt refresh tokens.
JWT_REFRESH_PEPPER='ANOTHER_ANOTHER_ANOTHER_SECURE_RANDOM_STRING' # Used to encrypt refresh tokens.
EMAIL_PASSWORD='YOUR_PASSWORD' # Used in the example above to authenticate your email address.

For additional options, please refer to the default config.

To (re)create the default tables, you'll have to head to /admin/reset with your previously defined ADMIN_HEADER set as the Authorization header. To prune unnecessary data, go to /admin/prune.

To use your own backend in the app, you'll have to go to the settings, and then choose Change backend URL. Put your own backend URL here, et voilà !

Open Authenticator Backend is licensed under the GNU General Public License v3.0.

If you like this project, there are a lot of ways for you to contribute to it ! Please read the contribution guide before getting started.

You can report bugs or suggest new features in the issue tracker.

You can donate for this project using either PayPal, Ko-Fi or Github sponsors. If you don't want to donate, any kind message is also appreciated !