sso-auth-package

v1.0.0

Published

A modular, centralized SSO authentication system with email verification, password reset, 2FA, and full CRUD operations for users and admins.

Downloads

60

Readme

Authentication System with Single Sign-On (SSO)

Overview

This project implements a centralized authentication system with Single Sign-On (SSO) for multiple applications. The system is built using Node.js, Express.js, MongoDB, and JWT, with additional support for email verification, password resets, and email-based two-factor authentication (2FA), with messages sent through NodeMailer.

Key Features

  • User Authentication: Registration, login, and token-based authentication.
  • Single Sign-On (SSO): Authenticate once and access multiple websites.
  • Email Verification: Users must verify their email before accessing services.
  • Forgot Password / Password Reset: Secure recovery of forgotten passwords.
  • Two-Factor Authentication (2FA): OTP-based authentication via email.
  • CRUD Operations for Users & Admins:
    • Users/Admins can update their profiles.
    • Users/Admins can delete their accounts.
    • Users/Admins can view their own details.
  • Admin System:
    • Admins have role-based access control.
    • Permissions can be granularly assigned (e.g., user management, content control).
    • Admins can promote/demote other admins.
  • Security Enhancements:
    • Passwords are securely hashed before storage.
    • Rate-limiting is applied to prevent brute-force attacks.
    • Session tracking with IP, location, and login timestamps.
  • NodeMailer Integration:
    • Styled email templates for verification, password reset, and 2FA.
    • SMTP authentication using Google Workspace.

Technologies Used

  • Backend: Node.js, Express.js
  • Database: MongoDB (Mongoose ODM)
  • Authentication: JWT (JSON Web Tokens), bcrypt.js for password hashing
  • Email Service: NodeMailer with Google SMTP
  • Frontend: Not included (SSO-ready for integration)

1. File Structure

project-root/
├── src/
│   ├── config/
│   │   ├── db.js  # Database connection setup
│   ├── controllers/
│   │   ├── authController.js  # User authentication logic
│   │   ├── adminController.js  # Admin-specific logic
│   │   ├── userController.js  # User management logic
│   │   ├── emailController.js  # Handles sending emails
│   ├── middlewares/
│   │   ├── authMiddleware.js  # Protects routes
│   │   ├── rateLimiter.js  # Limits request rate
│   ├── models/
│   │   ├── User.js  # User schema
│   │   ├── Admin.js  # Admin schema
│   ├── routes/
│   │   ├── authRoutes.js  # Routes for authentication
│   │   ├── userRoutes.js  # User profile management
│   │   ├── adminRoutes.js  # Admin-specific operations
│   ├── services/
│   │   ├── emailService.js  # Handles email sending
│   ├── utils/
│   │   ├── helpers.js  # Utility functions
├── .env  # Environment variables
├── index.js  # Server entry point
├── package.json  # Dependencies
├── README.md  # Documentation

2. API Endpoints

Authentication (SSO)

Register User

  • Endpoint: POST /api/v1/auth/register

  • Request Body:

    {
      "name": "John Doe",
      "email": "[email protected]",
      "password": "SecurePassword123",
      "confirmPassword": "SecurePassword123"
    }

Login User

  • Endpoint: POST /api/v1/auth/login

  • Request Body:

    {
      "email": "[email protected]",
      "password": "SecurePassword123"
    }

Validate JWT Token

  • Endpoint: GET /api/v1/auth/validate-token
  • Headers: Authorization: Bearer JWT_TOKEN

Logout User

  • Endpoint: POST /api/v1/auth/logout

Email Verification & Password Recovery

Verify Email

  • Endpoint: GET /api/v1/auth/verify-email?token=TOKEN

Resend Verification Email

  • Endpoint: POST /api/v1/auth/resend-verification

  • Request Body:

    {
      "email": "[email protected]"
    }

Forgot Password

Reset Password

  • Endpoint: POST /api/v1/auth/reset-password

  • Request Body:

    {
      "token": "RESET_TOKEN",
      "newPassword": "NewPassword123",
      "confirmPassword": "NewPassword123"
    }

Two-Factor Authentication (2FA)

Send OTP

Verify OTP

  • Endpoint: POST /api/v1/auth/verify-otp

  • Request Body:

    {
      "email": "[email protected]",
      "otp": "123456"
    }
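
The controls an emailed six-digit OTP depends on, as an added example that is not the package's own code: CSPRNG generation, storing only a digest, a short lifetime, an attempt cap, and single use. The in-memory `otpStore`, the five-minute lifetime, the five-attempt cap and the function names are assumptions; a real deployment would keep the record in the database.

```javascript
const crypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime of a code
const MAX_ATTEMPTS = 5;           // assumed cap on guesses per issued code
const otpStore = new Map();       // email -> { digest, expiresAt, attempts } (stand-in for a DB)

// Store a digest bound to the email, never the OTP itself.
const hashOtp = (email, otp) =>
  crypto.createHash('sha256').update(`${email}:${otp}`).digest();

function issueOtp(email, now = Date.now()) {
  // crypto.randomInt draws from the CSPRNG; Math.random() is predictable.
  const otp = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  // Issuing a new code replaces any previous one for this address.
  otpStore.set(email, { digest: hashOtp(email, otp), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp; // the caller sends this by email and does not log it
}

function verifyOtp(email, otp, now = Date.now()) {
  const rec = otpStore.get(email);
  if (!rec) return 'no-otp';
  if (now > rec.expiresAt) { otpStore.delete(email); return 'expired'; }
  // A six-digit code has only 10^6 values, so guesses must be capped per code.
  if (rec.attempts >= MAX_ATTEMPTS) { otpStore.delete(email); return 'locked'; }
  rec.attempts += 1;
  // Both digests are 32 bytes, so timingSafeEqual never throws here.
  if (!crypto.timingSafeEqual(hashOtp(email, String(otp)), rec.digest)) return 'wrong';
  otpStore.delete(email); // single use: a verified code cannot be replayed
  return 'ok';
}
```

The per-code attempt cap works alongside request-level rate limiting: the first bounds guesses against one issued code, the second bounds how often codes can be requested.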

CRUD Operations for Users & Admins

Get User Profile

  • Endpoint: GET /api/v1/auth/profile

Update User Profile

  • Endpoint: PUT /api/v1/auth/update-profile

  • Request Body:

    {
      "name": "New Name",
      "password": "NewPassword123"
    }

Delete User Account

  • Endpoint: DELETE /api/v1/auth/delete-account

Similar endpoints exist for Admins under /api/v1/admin/...


3. Running the Project

1. Clone the Repository

git clone https://github.com/your-repo.git
cd sso-auth-server

2. Install Dependencies

npm install

3. Set Up Environment Variables

Create a .env file and add:

PORT=4000
MONGO_URI=your_mongo_connection_string
JWT_SECRET=your_jwt_secret
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
[email protected]
SMTP_PASS=your-app-password

4. Start the Server

npm start

4. Future Improvements

  • OAuth Support (Google, GitHub, Facebook authentication)
  • SMS-Based Two-Factor Authentication (Twilio)
  • Session Management for Logged-in Users
  • Logging & Monitoring (Winston, Loggly, Datadog)

5. License

MIT License


This README provides a full overview of the authentication system, API endpoints, and project setup.