oidc-demo-app/README.md

# Demo OpenID connect application

This repository contains a demo application using OAuth2/OpenID Connect to
authenticate and authorize users.

The code in this repository is licensed under the terms of the Apache License
Version 2.0.

Copyright © 2020, 2021  Jan Dittberner

## Setup

### Certificates

You need a set of certificates for the application. You can use the Test CA
created by the ``setup_test_ca.sh`` script from the [CAcert developer
setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:

1. create signing requests

   ```
   mkdir certs
   cd certs
   openssl req -new -newkey rsa:3072 -nodes \
       -keyout app.cacert.localhost.key \
       -out app.cacert.localhost.csr.pem \
       -subj /CN=app.cacert.localhost \
       -addext subjectAltName=DNS:app.cacert.localhost
   cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
   ```

2. Use the CA to sign the certificates

   ```
   pushd $PATH_TO_DEVSETUP_TESTCA/
   openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
       -in app.cacert.localhost.csr.pem \
       -out app.cacert.localhost.crt.pem -days 365
   popd
   cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .
   ```

### Configure the Demo Application

You will need a 32 byte and a 64 byte random secret for the session
authentication and encryption keys:

```
openssl rand -base64 64
openssl rand -base64 32
```

You also need the client id and the client secret, that have been generated
during the OIDC client setup described above.

```
[oidc]
client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"

[session]
auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"
```

## Start

Now you can start the demo application:

  ```
  go run cmd/app/main.go
  ```

Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed
through the OpenID connect authorization code flow.

## Translations

This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.

The translation workflow needs the `go18n` binary which can be installed via

```
go get -u  github.com/nicksnyder/go-i18n/v2/goi18n
```

To extract new messages from the code run

```
goi18n extract .
```

Then use

```
goi18n merge active.*.toml
```

to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run

```
goi18n merge active.*.toml translate.*.toml
```

to merge the messages back into the active translation files. To add a new
language you need to add the language code to the languages configuration
option (default is defined in the configmap in cmd/app/main.go).
Basic project setup 2021-09-11 10:16:14 +00:00			`# Demo OpenID connect application`

			`This repository contains a demo application using OAuth2/OpenID Connect to`
			`authenticate and authorize users.`

			`The code in this repository is licensed under the terms of the Apache License`
			`Version 2.0.`

			`Copyright © 2020, 2021 Jan Dittberner`

			`## Setup`

			`### Certificates`

			`You need a set of certificates for the application. You can use the Test CA`
			created by the ``setup_test_ca.sh`` script from the [CAcert developer
			`setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:`

			`1. create signing requests`

			```
			`mkdir certs`
			`cd certs`
			`openssl req -new -newkey rsa:3072 -nodes \`
			`-keyout app.cacert.localhost.key \`
			`-out app.cacert.localhost.csr.pem \`
			`-subj /CN=app.cacert.localhost \`
			`-addext subjectAltName=DNS:app.cacert.localhost`
			`cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/`
			```

			`2. Use the CA to sign the certificates`

			```
			`pushd $PATH_TO_DEVSETUP_TESTCA/`
			`openssl ca -config ca.cnf -name class3_ca -extensions server_ext \`
			`-in app.cacert.localhost.csr.pem \`
			`-out app.cacert.localhost.crt.pem -days 365`
			`popd`
			`cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .`
			```

			`### Configure the Demo Application`

			`You will need a 32 byte and a 64 byte random secret for the session`
			`authentication and encryption keys:`

			```
			`openssl rand -base64 64`
			`openssl rand -base64 32`
			```

			`You also need the client id and the client secret, that have been generated`
			`during the OIDC client setup described above.`

			```
			`[oidc]`
			`client-id = "<client id from hydra clients invocation>"`
			`client-secret = "<client secret from hydra clients invocation>"`

			`[session]`
			`auth-key = "<64 bytes of base64 encoded data>"`
			`enc-key = "<32 bytes of base64 encoded data>"`
			```

			`## Start`

			`Now you can start the demo application:`

			```
			`go run cmd/app/main.go`
			```

			`Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed`
			`through the OpenID connect authorization code flow.`

			`## Translations`

			`This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for`
			`internationalization (i18n) support.`

			The translation workflow needs the `go18n` binary which can be installed via

			```
			`go get -u github.com/nicksnyder/go-i18n/v2/goi18n`
			```

			`To extract new messages from the code run`

			```
			`goi18n extract .`
			```

			`Then use`

			```
			`goi18n merge active.*.toml`
			```

			to create TOML files for translation as `translate.<locale>.toml`. After
			`translating the messages run`

			```
			`goi18n merge active..toml translate..toml`
			```

			`to merge the messages back into the active translation files. To add a new`
			`language you need to add the language code to the languages configuration`
			`option (default is defined in the configmap in cmd/app/main.go).`