A self-hosted software license management server with OAuth/OpenID Connect authentication.
- OAuth 2.0 / OpenID Connect Authentication - Integrates with any OIDC-compliant identity provider
- JWT Token Verification - Supports JWKS, PEM files, or shared secrets
- License Management - Issue, track, and revoke software licenses
- Group-Based Access Control - Admin permissions via OIDC group claims
- Multi-Database Support - SQLite for development, MariaDB for production
- Modern Frontend - Svelte 5 with TypeScript
| Component | Technology |
|---|---|
| Backend | C++23, Crow (REST framework) |
| Frontend | Svelte 5, TypeScript, Vite |
| Databases | SQLite, MariaDB |
| Auth | OAuth 2.0, OpenID Connect, JWT |
- Copy the example environment and configure:

  ```bash
  cp config.yml.example config.yml
  # Edit config.yml with your OAuth provider details
  ```

- Create a .env file with your secrets:

  ```
  DB_PASSWORD=your-secure-password
  DB_ROOT_PASSWORD=your-root-password
  OAUTH_DISCOVERY_URL=https://your-idp.example.com/.well-known/openid-configuration
  OAUTH_CLIENT_ID=license-server
  OAUTH_CLIENT_SECRET=your-client-secret
  OAUTH_REDIRECT_URI=https://your-domain.example.com/api/v1/auth/callback
  JWT_JWKS_URL=https://your-idp.example.com/.well-known/jwks.json
  JWT_ISSUER=https://your-idp.example.com
  JWT_AUDIENCE=license-server
  ```

- Start the services:

  ```bash
  docker-compose up -d
  ```

The application will be available at http://localhost:8080.
- C++23 compiler (GCC 13+ or Clang 16+)
- CMake 3.25+
- OpenSSL
- libcurl
- SQLite3
- MariaDB client libraries
- Node.js 18+ (for frontend)

```bash
cd backend
mkdir build && cd build
cmake ..
make -j$(nproc)
```

```bash
cd frontend
npm install
npm run build
```

```bash
./backend/build/license_server --config config.yml
```

Configuration is loaded from a YAML file. See config.yml.example for all available options.

Key configuration sections:
- server - Host, port, static file directory
- database - SQLite or MariaDB connection settings
- oauth - OAuth/OIDC provider configuration
- jwt - JWT verification settings (JWKS, PEM, or secret)
- free_quota - Monthly license quota settings
Environment variables can override config file settings using the LS_ prefix (e.g., LS_DB_HOST maps to database.db_host).
The server exposes a REST API under /api/v1/:
- GET /api/v1/auth/login - Initiate OAuth login
- GET /api/v1/auth/callback - OAuth callback endpoint
- GET /api/v1/auth/logout - Logout and clear session
- GET /api/v1/apps - List applications
- GET /api/v1/licenses - List licenses
- GET /api/v1/groups - List groups
- GET /api/v1/users - List users

API endpoints require authentication via session cookie or Bearer token.

```
.
├── backend/
│   ├── src/
│   │   ├── api/          # REST API handlers and routing
│   │   ├── auth/         # OAuth, JWT, session management
│   │   ├── config/       # Configuration loading
│   │   ├── database/     # Database abstraction
│   │   ├── models/       # Data models
│   │   ├── services/     # Business logic
│   │   └── utils/        # Utilities
│   └── CMakeLists.txt
├── frontend/
│   ├── src/
│   │   ├── components/   # Svelte components
│   │   ├── pages/        # Page components
│   │   ├── lib/          # Utilities
│   │   └── routes/       # Route definitions
│   └── package.json
├── tests/
│   ├── docker/           # Docker-based integration tests
│   └── playwright/       # E2E tests
├── docker-compose.yml
├── Dockerfile
└── config.yml.example
```

```bash
cd backend
mkdir build && cd build
cmake -DCMAKE_BUILD_TYPE=Debug ..
make -j$(nproc)
```

```bash
cd frontend
npm install
npm run dev
```

The frontend dev server proxies API requests to http://localhost:8080.

```bash
cd tests/playwright
npm install
npx playwright test
```

- Always use HTTPS in production
- Configure proper CORS settings
- Use strong, unique secrets for OAuth client and JWT signing
- Regularly rotate JWT signing keys
- Set appropriate cookie flags (Secure, HttpOnly, SameSite)
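
A pre-flight check for the .env file from the setup steps, applying the security notes above (HTTPS endpoints, no placeholder secrets) before the services are started. This is an added example, not part of the project; the `check_env` and `env_get` helper names and the world-readable file check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight lint for the .env file from the setup steps.
# check_env returns the number of findings (0 = nothing flagged).

# Read KEY=value without sourcing the file, so nothing in it is executed.
env_get() {  # usage: env_get FILE KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

check_env() {  # usage: check_env FILE
  file=$1; findings=0
  # The secrets file should not be readable by other local users.
  if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
    echo "WARN: $file is world-readable (chmod 600)"; findings=$((findings + 1))
  fi
  # Endpoints that carry tokens or signing keys must be real HTTPS URLs.
  for key in OAUTH_DISCOVERY_URL OAUTH_REDIRECT_URI JWT_JWKS_URL JWT_ISSUER; do
    val=$(env_get "$file" "$key")
    case $val in
      '') echo "FAIL: $key is not set"; findings=$((findings + 1)) ;;
      *your-idp.example.com*|*your-domain.example.com*)
        echo "FAIL: $key still has the README placeholder host"
        findings=$((findings + 1)) ;;
      https://*) ;;
      *) echo "FAIL: $key is not an https:// URL"; findings=$((findings + 1)) ;;
    esac
  done
  # Secrets must be set and must not be the README's your-* placeholders.
  for key in DB_PASSWORD DB_ROOT_PASSWORD OAUTH_CLIENT_SECRET; do
    val=$(env_get "$file" "$key")
    case $val in
      ''|your-*)
        echo "FAIL: $key is empty or a placeholder"; findings=$((findings + 1)) ;;
    esac
  done
  # The redirect URI must target the callback route listed in the API section.
  case $(env_get "$file" OAUTH_REDIRECT_URI) in
    */api/v1/auth/callback) ;;
    *) echo "FAIL: OAUTH_REDIRECT_URI does not end in /api/v1/auth/callback"
       findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Lint the file given as $1 (default ./.env) when it exists.
if [ -f "${1:-.env}" ]; then
  check_env "${1:-.env}" || echo "$? finding(s) in ${1:-.env}"
fi
```

Run it from the directory that holds .env, or pass the file path as the first argument; a non-empty report means the file should be fixed before `docker-compose up -d`.
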
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0). See the LICENSE file for details.
This means:
- You can use, modify, and distribute this software
- If you modify and run it as a network service, you must provide the source code to users
- Derivative works must also be licensed under AGPL-3.0