Gafaelfawr is a FastAPI application for the authorization and management of tokens, including their issuance and revocation.
Gafaelfawr started as an implementation of the Token Proxy component identified in DMTN-094. It has been subsequently simplified along the lines discussed in SQR-039 and contains an (as yet partial) implementation of the token management API defined in SQR-049.
It authorizes tokens according to Nginx's auth_request directive via its /auth endpoint and handles integration with an external identity provider (either GitHub or OpenID Connect).
Authentication sessions and user identity information are stored in Redis.
Token information is stored in a SQL database.
It also provides a minimal OpenID Connect server to support protected applications that only understand OpenID Connect.
For full documentation, see gafaelfawr.lsst.io.
Gafaelfawr is named for Glewlwyd Gafaelfawr, the knight who challenges King Arthur in Pa gur yv y porthaur? and, in later stories, is a member of his court and acts as gatekeeper. Gafaelfawr is pronounced (very roughly) gah-VILE-vahwr. (If you speak Welsh and can provide a better pronunciation guide, please open an issue!)