We're currently using this as our auth layer for https://empatico.org, so it's production ready!
Today I was evaluating what we should use for something like this, a unified Facade with an API. We evaluated Traefik and Kong. Decision was for Kong, since we need more features like auth, logging, rate limit.
This looks pretty reasonable! I would love to see a Cloud Storage backend. A minor quibble is that I think that managing your own metrics in Redis is probably not the simplest or most flexible approach - instead, you should consider exposing a /metrics endpoint that can be ingested by the user's monitoring tool of choice (Prometheus/InfluxDB/etc).
Am I missing something, or does this really have no support for TOTP/HOTP? An authentication system without 2FA or U2F support in 2017 seems... lacking (or unfinished).
The top-level links (implementation / deployment / configuration) don't work for me; they go to, say, /keratin/authn-server/docs/config.md, which is a 404, presumably instead of /keratin/authn-server/blob/master/docs/config.md
Almost no test coverage. Did I miss them? For proper use in production you would need to have hundreds of unit tests and a whole bunch of component + integration and e2e tests.