Developer-oriented overview: design goals, tech stack, and document index.

SecurityDept is a standalone auth service that:
- Integrates with an external OIDC provider for user login (authorization code flow, optional PKCE).
- Validates OIDC claims via an optional custom script (JS/TS run in an embedded engine).
- Manages auth entries and groups after login: basic auth (username/password) and token auth (bearer tokens), associated with named groups.
- Exposes forward-auth endpoints for reverse proxies (Traefik, Nginx) so upstream services can gate access by group and credential type.
- Uses file-based config and data (TOML + env, JSON data file) for operations without a database.
- Publishes reusable crates so other Rust projects can consume OIDC and credential primitives without depending on the full server app.

Target operators: small teams or self-hosted setups that need a single auth layer in front of multiple backends, with OIDC for identity and local entries for API/CLI or machine access.

| Layer | Choice |
|---|---|
| Apps | securitydept-server (Axum), securitydept-cli (Clap), apps/webui (Vite + React) |
| Reusable crates | securitydept-oidc, securitydept-creds, securitydept-creds-manage, securitydept-utils |
| Runtime stack | Rust, Axum, OpenID Connect, Tokio, Snafu, Tracing, Figment |
| Web UI | TypeScript, Vite, React, TanStack (Query/Router), Tailwind CSS, shadcn/ui |
| Tooling | mise (tools), pnpm, just, cargo, GitHub Actions |

See AGENTS.md for project rules (e.g. Rust + axum + openidconnect for server; TS + Vite + React for webui).

| Document | Focus |
|---|---|
| 00-overview.md | Goals, stack, index (this file). |
| architecture.md | Workspace layout, packages/apps, config and data model, request flow. |
| features.md | Implemented capabilities (OIDC, entries, groups, forward-auth, CLI, WebUI). |
| roadmap.md | Planned and future work. |

Main entry for the project: README.md.