# Demo OpenID Connect application

This repository contains a demo application using OAuth2/OpenID Connect to
authenticate and authorize users.

The code in this repository is licensed under the terms of the Apache License
Version 2.0.

Copyright © 2020-2023 CAcert Inc.

## Setup

### Certificates

You need a server certificate and corresponding private key to run `demo-app`.

An easy way to generate a server certificate and key for local testing is
[`mkcert`](https://github.com/FiloSottile/mkcert/releases).

Run `mkcert` to generate `app.cacert.localhost.pem` and `app.cacert.localhost-key.pem`:

```shell
mkcert -cert-file app.cacert.localhost.pem -key-file app.cacert.localhost-key.pem app.cacert.localhost
```

### Configure the Demo Application

You will need a 64 byte random secret for the session authentication key and a
32 byte random secret for the session encryption key:

```shell
openssl rand -base64 64
openssl rand -base64 32
```

You also need the client id and the client secret that have been generated
during the OIDC client setup described above.

Put the data into `resource_app.toml`:

```ini
[oidc]
client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"

[session]
auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"
```
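
The sizes above refer to the raw key material, not to the length of the base64 text. The following check is an added example and not part of the demo-app code base: it decodes both `[session]` values and verifies the 64 and 32 byte lengths, so swapped keys or a left-over placeholder are caught before the application starts. The function names are hypothetical, and standard base64 (the encoding `openssl rand -base64` emits) is assumed.

```go
// Added example, not demo-app code; function names are hypothetical.
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

const (
	authKeyLen = 64 // raw bytes behind [session] auth-key
	encKeyLen  = 32 // raw bytes behind [session] enc-key
)

// newKey returns n random bytes in standard base64, like `openssl rand -base64 n`.
func newKey(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

// checkKey decodes value and verifies that it holds exactly want raw bytes.
func checkKey(name, value string, want int) error {
	raw, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return fmt.Errorf("%s: not valid base64: %w", name, err)
	}
	if len(raw) != want {
		return fmt.Errorf("%s: decodes to %d bytes, want %d", name, len(raw), want)
	}
	return nil
}

// checkSessionKeys validates both values; swapped keys and placeholders fail.
func checkSessionKeys(authKey, encKey string) error {
	if err := checkKey("auth-key", authKey, authKeyLen); err != nil {
		return err
	}
	return checkKey("enc-key", encKey, encKeyLen)
}

func main() {
	auth, _ := newKey(authKeyLen)
	enc, _ := newKey(encKeyLen)
	fmt.Println("generated:", checkSessionKeys(auth, enc))
	fmt.Println("swapped:  ", checkSessionKeys(enc, auth))
}
```
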

## Start

Now you can start the demo application:

```shell
make
./demo-app
```

Visit https://app.cacert.localhost:4000/ in a browser and you will be directed
through the OpenID Connect authorization code flow.

## Translations

This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.

The translation workflow needs the `goi18n` binary, which can be installed via

```shell
go install github.com/nicksnyder/go-i18n/v2/goi18n
```

To extract new messages from the code run

```shell
cd translations
goi18n extract ..
```

Then use

```shell
cd translations
goi18n merge active.*.toml
```

to create TOML files for translation as `translate.<locale>.toml`.

After translating the messages run

```shell
cd translations
goi18n merge active.*.toml translate.*.toml
```

to merge the messages back into the active translation files. To add a new
language you need to add the language code to the languages configuration
option (default is defined in the configmap in `services/configuration.go`).