oidc-demo-app/README.md

111 lines
2.7 KiB
Markdown
Raw Normal View History

2021-09-11 10:16:14 +00:00
# Demo OpenID connect application
This repository contains a demo application using OAuth2/OpenID Connect to
authenticate and authorize users.
The code in this repository is licensed under the terms of the Apache License
Version 2.0.
2022-11-21 16:14:29 +00:00
Copyright © 2020-2022 Jan Dittberner
2021-09-11 10:16:14 +00:00
## Setup
### Certificates
You need a set of certificates for the application. You can use the Test CA
created by the ``setup_test_ca.sh`` script from the [CAcert developer
setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:
1. create signing requests
```
mkdir certs
cd certs
openssl req -new -newkey rsa:3072 -nodes \
-keyout app.cacert.localhost.key \
-out app.cacert.localhost.csr.pem \
-subj /CN=app.cacert.localhost \
-addext subjectAltName=DNS:app.cacert.localhost
cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
```
2. Use the CA to sign the certificates
```
pushd $PATH_TO_DEVSETUP_TESTCA/
openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
-in app.cacert.localhost.csr.pem \
-out app.cacert.localhost.crt.pem -days 365
popd
cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .
```
### Configure the Demo Application
You will need a 32 byte and a 64 byte random secret for the session
authentication and encryption keys:
```
openssl rand -base64 64
openssl rand -base64 32
```
You also need the client id and the client secret, that have been generated
during the OIDC client setup described above.
```
[oidc]
client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"
[session]
auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"
```
## Start
Now you can start the demo application:
```
2022-11-21 16:14:29 +00:00
make
go run cmd/app.go
2021-09-11 10:16:14 +00:00
```
Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed
through the OpenID connect authorization code flow.
## Translations
This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.
The translation workflow needs the `go18n` binary which can be installed via
```
2022-11-21 16:14:29 +00:00
go install github.com/nicksnyder/go-i18n/v2/goi18n
2021-09-11 10:16:14 +00:00
```
To extract new messages from the code run
```
goi18n extract .
```
Then use
```
goi18n merge active.*.toml
```
to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run
```
goi18n merge active.*.toml translate.*.toml
```
to merge the messages back into the active translation files. To add a new
language you need to add the language code to the languages configuration
option (default is defined in the configmap in cmd/app.go).