Gafaelfawr is an aiohttp application for the authorization and management of tokens, including the issuance and revocation of tokens.
Gafaelfawr is primarily an implementation of the Token Proxy component identified in DMTN-094.
It authorizes tokens in according to the Nginx's auth_request directive via it's /auth endpoint and handles integration with an external identity provider (either with GitHub or OpenID Connect).
Authentication sessions are stored in Redis.
For full documentation, see gafaelfawr.lsst.io.
Gafaelfawr is named for Glewlwyd Gafaelfawr, the knight who challenges King Arthur in Pa gur yv y porthaur? and, in later stories, is a member of his court and acts as gatekeeper. Gafaelfawr is pronounced (very roughly) gah-VILE-fahwr. (If you speak Welsh and can provide a better pronunciation guide, please open an issue!)