README
¶
go-oidc - A Configurable OpenID Provider built in Go.
go-oidc is a client module that provides a configurable Authorization Server with support for OpenID Connect and other standards.
This library implements the following specifications:
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
RFC 6749- The OAuth 2.0 Authorization Framework- OpenID Connect Dynamic Client Registration 1.0
RFC 7591- OAuth 2.0 Dynamic Client Registration Protocol (DCR)RFC 7592- OAuth 2.0 Dynamic Client Registration Management Protocol (DCM)RFC 9126- OAuth 2.0 Pushed Authorization Requests (PAR)RFC 9101- The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
RFC 7636- Proof Key for Code Exchange by OAuth Public Clients (PKCE)RFC 9207- OAuth 2.0 Authorization Server Issuer IdentificationRFC 8705- OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access TokensRFC 9449- OAuth 2.0 Demonstrating Proof of Possession (DPoP)RFC 9396- OAuth 2.0 Rich Authorization Requests (RAR)RFC 8707- Resource Indicators for OAuth 2.0RFC 7662- OAuth 2.0 Token IntrospectionRFC 7009- OAuth 2.0 Token Revocation- OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0 (CIBA)
Certification
Luiky Vasconcelos has certified that go-oidc conforms to the following profile of the OpenID Connect™ protocol.
- Basic OP
- FAPI 2.0
Get Started
To start using the go-oidc module in your project, install it with
go get github.com/luikyv/go-oidc@latest
Once installed, you can instantiate an openid provider and run it as shown below.
key, _ := rsa.GenerateKey(rand.Reader, 2048)
jwk := goidc.JSONWebKey{
KeyID: "server_key",
Key: key,
Algorithm: string(goidc.RS256),
Use: string(goidc.KeyUsageSignature),
}
op, _ := provider.New(
goidc.ProfileOpenID,
"http://localhost",
func(_ context.Context) (goidc.JSONWebKeySet, error) {
return goidc.JSONWebKeySet{
Keys: []goidc.JSONWebKey{jwk},
}, nil
},
)
op.Run(":80")
You can then check the default configurations by accessing http://localhost/.well-known/openid-configuration.
Directories
¶
| Path | Synopsis |
|---|---|
|
examples
|
|
|
authutil
Package authutil contains utilities to set up example authorization server using goidc.
|
Package authutil contains utilities to set up example authorization server using goidc. |
|
fapi1
Example fapi1 demonstrates the implementation of an Authorization Server that complies with the FAPI 1.0 specifications.
|
Example fapi1 demonstrates the implementation of an Authorization Server that complies with the FAPI 1.0 specifications. |
|
fapi2
Example fapi2 demonstrates the implementation of an Authorization Server that complies with the FAPI 2.0 specifications.
|
Example fapi2 demonstrates the implementation of an Authorization Server that complies with the FAPI 2.0 specifications. |
|
fapiciba
Example fapiciba demonstrates the implementation of an Authorization Server that complies with the FAPI CIBA specification.
|
Example fapiciba demonstrates the implementation of an Authorization Server that complies with the FAPI CIBA specification. |
|
oidc
Example oidc demonstrates the implementation of an Authorization Server that complies with the OpenID Connect specifications.
|
Example oidc demonstrates the implementation of an Authorization Server that complies with the OpenID Connect specifications. |
|
internal
|
|
|
authorize
Package authorize handles the implementation of endpoints for authorization requests and pushed authorization requests.
|
Package authorize handles the implementation of endpoints for authorization requests and pushed authorization requests. |
|
dcr
Package dcr implements the dynamic client registration and management endpoints.
|
Package dcr implements the dynamic client registration and management endpoints. |
|
discovery
Package discovery implements the endpoints where information about the Open ID Provider and its public JWKS is shared.
|
Package discovery implements the endpoints where information about the Open ID Provider and its public JWKS is shared. |
|
oidc
Package oidc is a complement of the package goidc containing private structs and functions that are not meant to be accessible for users of goidc.
|
Package oidc is a complement of the package goidc containing private structs and functions that are not meant to be accessible for users of goidc. |
|
storage
Package storage provides the default implementations of the storage interfaces goidc.ClientManager, goidc.AuthnSessionManager and goidc.GrantSessionManager.
|
Package storage provides the default implementations of the storage interfaces goidc.ClientManager, goidc.AuthnSessionManager and goidc.GrantSessionManager. |
|
strutil
Package strutil contains functions to help handling strings.
|
Package strutil contains functions to help handling strings. |
|
timeutil
Package timeutil provides utilities for working with time in a consistent manner.
|
Package timeutil provides utilities for working with time in a consistent manner. |
|
token
Package token implements all the logic to issue and validate rules related to access and ID tokens.
|
Package token implements all the logic to issue and validate rules related to access and ID tokens. |
|
userinfo
Package userinfo implements the user info endpoint.
|
Package userinfo implements the user info endpoint. |
|
pkg
|
|
|
goidc
Package goidc contains structs and functions which serve as the base to set up and interact with an OpenID Provider.
|
Package goidc contains structs and functions which serve as the base to set up and interact with an OpenID Provider. |
|
provider
Package provider implements a configurable Open ID provider.
|
Package provider implements a configurable Open ID provider. |
Click to show internal directories.
Click to hide internal directories.