A highly secure authentication and authorization server written in Python.
This is the back-end part of the project. Here is the front-end part.
Auth-system provides APIs for authentication and authorization and is implemented with Django Rest Framework.
First, to register a new account, every user must provide an email address for verification.
The server then sends the user a confirmation email containing a link to a confirmation page.
This is performed in the background by a Celery worker.
Emails that failed to send are resent by a crontab schedule set up with Celery Beat.
Second, after a successful login the user receives an access token and a refresh token, both JSON Web Tokens. The user cannot read them from the browser, because both are sent in HttpOnly cookies.
This keeps the tokens out of reach of page scripts, which mitigates token theft through attacks such as XSS.
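As an added illustration (not code from this project), the following shows how the login response's token cookies can be built with the flags that back the claim above, plus a small audit helper a reviewer can run over any Set-Cookie header. Cookie names, lifetimes and the refresh endpoint path are assumptions; in a Django Rest Framework view the same attributes are passed to `response.set_cookie(...)`.

```python
from http.cookies import SimpleCookie
from typing import List

# Assumed values; the project's real cookie names, lifetimes and paths may differ.
ACCESS_TTL = 15 * 60            # access token lives 15 minutes
REFRESH_TTL = 7 * 24 * 3600     # refresh token lives 7 days
REFRESH_PATH = "/api/auth/refresh/"  # hypothetical refresh endpoint


def build_token_cookies(access_token: str, refresh_token: str, secure: bool = True) -> List[str]:
    """Return the Set-Cookie header values for a successful login response.

    Both cookies are HttpOnly, so document.cookie cannot read the JWTs; the
    refresh cookie is also scoped to the refresh endpoint path so it is not
    sent with every request.
    """
    jar = SimpleCookie()

    jar["access_token"] = access_token
    jar["access_token"]["httponly"] = True
    jar["access_token"]["secure"] = secure
    jar["access_token"]["samesite"] = "Strict"
    jar["access_token"]["max-age"] = ACCESS_TTL
    jar["access_token"]["path"] = "/"

    jar["refresh_token"] = refresh_token
    jar["refresh_token"]["httponly"] = True
    jar["refresh_token"]["secure"] = secure
    jar["refresh_token"]["samesite"] = "Strict"
    jar["refresh_token"]["max-age"] = REFRESH_TTL
    jar["refresh_token"]["path"] = REFRESH_PATH

    # OutputString() renders one "name=value; attr; ..." header value per cookie.
    return [morsel.OutputString() for morsel in jar.values()]


def audit_cookie_header(header: str) -> List[str]:
    """Return the hardening attributes missing from a single Set-Cookie value."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [flag for flag in ("httponly", "secure", "samesite") if flag not in attrs]


if __name__ == "__main__":
    # Constructed placeholder tokens; real ones are signed JWTs minted at login.
    for header in build_token_cookies("eyJ.access.sig", "eyJ.refresh.sig"):
        print("Set-Cookie:", header, "| missing:", audit_cookie_header(header))
```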
Finally, Redis is used as the cache and as the Celery job queue. In addition, Google reCAPTCHA is used to prevent spam requests.