Documentation for Rodauth (v1.11.0)
README (Introduction to Rodauth, start here if new)
All features in Rodauth must be explicitly enabled. Configuration that is used by multiple features resides in the Base feature. All other configuration is specific to individual features, and is available only after those features have been enabled.
- Base: Shared behavior for other features.
- Login Password Requirements Base: Shared behavior for features that set logins or passwords.
- Email Base: Shared behavior for features that require sending email.
- Two Factor Base: Shared behavior for 2 factor authentication features.
- Login: Allows for logging into the application via a login/email and password.
- Logout: Allows for logging out of the application, by removing the login information from the session.
- Account Expiration: Disallows access to accounts if there has been no login or activity after a given amount of time.
- Change Login: Allows a user to change their login.
- Change Password: Allows a user to change their password.
- Close Account: Allows a user to close their account.
- Confirm Password: Allows a user to confirm their password.
- Create Account: Allows a user to create an account.
- Disallow Password Reuse: Disallows setting password to the same string as previous passwords.
- HTTP Basic Auth: Allows HTTP basic authentication.
- Lockout: Locks an account out after a number of invalid authentication attempts, allowing unlocking via email.
- JWT: Adds JSON API support for all other features.
- OTP: Adds support for 2 factor authentication via TOTP.
- Recovery Codes: Adds support for 2 factor authentication via single use account recovery codes.
- SMS Codes: Adds support for 2 factor authentication via codes received via SMS.
- Password Complexity: Adds more sophisticated complexity checks for passwords.
- Password Expiration: Requires accounts to change their password after a given amount of time.
- Password Grace Period: Don't require password entry if a user recently entered their password.
- Remember: Automatically logs a user in based on a token stored in a cookie, keeping track of how they logged in.
- Reset Password: Allows users to reset their password if they don't remember it.
- Session Expiration: Expires sessions automatically based on inactivity or max lifetime checks.
- Single Session: Only allows one active session per account.
- Update Password Hash: Update the password hash whenever the hash cost changes.
- Verify Account: Require verification of newly created accounts before login.
- Verify Account Grace Period: Allow newly created accounts a grace period before verification is required.
- Verify Login Change: Require verification of new logins before changing logins.
- Internals Guide: Guide to the internals and the object model.
To use these external features, install their dependencies and follow their installation instructions.
- rodauth-become_account: Easily switch between Rodauth accounts.
- "Rodauth: Clean Authentication" at Ruby Meditation #13
- "Rodauth: Website Security Through Database Security" Presentation at RubyConf LT 2016 (1024x768, 50 minutes)
- "Rodauth: Website Security Through Database Security" Presentation at RubyConf BY 2016 (1280x720, 40 minutes) (Video)
Applications Using Rodauth
Here are some open source applications that use Rodauth: