go-oidc-expt

README

go-oidc-expt

• go-oidc-expt is an experimental implementation of OpenID provider with Go.
• The results of the conformance test is available here.

Features

Supported flows

• Authorization Code Flow
• Implicit Flow
• Hybrid Flow

Setup for development

Install required packages

./scripts/bootstrap/brew.sh

Generate key pair for signing access token

./scripts/bootstrap/keypair.sh

Generate keys for encrypting/decrypting cookie

./scripts/bootstrap/key.sh

The script creates a key pair in pkg/xjwt/cert.

References:

• Generating an Elliptic Curve keys

Generate certificates for load balancer

For the conformance test of OpenID connect.

mkcert -install
mkcert localhost host.docker.internal
cat localhost+1.pem > localhost+1-fullchain.pem
cat "$(mkcert -CAROOT)/rootCA.pem" >> localhost+1-fullchain.pem
openssl dhparam -out dhparam.pem 2048
mv *.pem docker/load-balancer/etc/nginx/ssl

Run containers

make up

The containers:

• can be stopped with make stop
  • Stopped containers can be started with make start
• can be stopped and removed with make down
• and volumes can be deleted with make destroy

Apply migrations

make migrate-apply SERVICE=db DATABASE=idp
make migrate-apply SERVICE=db DATABASE=idp_test

Commands and scripts

make supports the following commands:

Command	Detail
build	Build a docker image to deploy
build-local	Build docker images
benchmark	Run all benchmarks
cleanup-db	Clean up database
cleanup-go	Clean up caches
fmt	Run formatter
gen	Run generator
lint	Run linters
migrate-apply	Apply migrations
migrate-diff	Generate migrations
migrate-lint	Run analysis on the migration directory
resolve	Resolve dependencies
seed	Seeding database
test	Run all tests
up	Create and start containers
down	Stop and remove containers
start	Start containers
stop	Stop containers
destroy	Delete all resources

Generating database schema

e.g. The following command generates AuthCode schema.

go run -mod=mod entgo.io/ent/cmd/ent new --target pkg/ent/schema AuthCode

Generating versioned a migration file

make migrate-diff MIGRATION_NAME=<MIGRATION_NAME>

Parameter	Detail
MIGRATION_NAME	A part of migration file name. The filename is determined according to the format %Y%m%d%H%i%S_<MIGRATION_NAME>.sql.

Verifying and linting migrations

make migrate-lint [N_LATEST=<N_LATEST>]

Parameter	Detail
N_LATEST	The number of latest migration files to be analyzed. migrate-list.sh runs analysis on them.

If N_LATEST isn't specified, the diff between main branch and the current one is selected as the changeset.

Applying migrations

make migrate-apply DB_NAMES=idp,idp_test

Parameter	Detail
DB_NAMES	Database names that will be applied migrations.

Seeding database

make seed

Documents

Swagger

API specification (Swagger UI) is available on http://localhost:8880. Before accessing the URL, it needs to run the following command to start swagger-ui container.

docker compose up -d swagger-ui

References

• Cryptography
  • ECC SubjectPublicKeyInfo Format
    • 2.2. Subject Public Key
• Identifier
  • Awesome Identifiers
  • sonyflake
  • Universally Unique Lexicographically Sortable Identifier
• OpenID Connect
  • OpenID Connect Core 1.0 incorporating errata set 1
    • English
    • Japanese
  • JSON Web Key (JWK)
  • JSON Web Algorithms (JWA)
  • Conformance Test
    • About the Conformance Suite
    • OpenID Connect Conformance Profiles v3.0
• OpenAPI
  • OpenAPI.Tools
• OTP
  • RFC4226: An HMAC-Based One-Time Password Algorithm
  • RFC6238: Time-Based One-Time Password Algorithm
  • Key Uri Format
  • TOTP Base32 vs Base64
• Password
  • Password Storage Cheat Sheet
• Session
  • Session Management Cheat Sheet
• Others
  • The Base16, Base32, and Base64 Data Encodings

Miscellaneous

• Computer Science
  • Memory Model
    • The Go Memory Model
    • Memory Models
      • Memory barrier
      • Out-of-order execution
  • Synchronization
    • Lock-free/Wait-free algorithm
    • Semaphore
• Others
  • Go Style Decisions: Naming
  • Go at Google: Language Design in the Service of Software Engineering
  • Standard Go Project Layout