commit 4b852dee3f86ee35cf1fce28899c3745ae9ba661 Author: Jan Dittberner Date: Sat Sep 11 12:16:14 2021 +0200 Basic project setup diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1cbb302 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.idea/ +certs/ +resource_app.toml diff --git a/README.md b/README.md new file mode 100644 index 0000000..463e805 --- /dev/null +++ b/README.md 
@@ -0,0 +1,109 @@ +# Demo OpenID connect application + +This repository contains a demo application using OAuth2/OpenID Connect to +authenticate and authorize users. + +The code in this repository is licensed under the terms of the Apache License +Version 2.0. + +Copyright © 2020, 2021 Jan Dittberner + +## Setup + +### Certificates + +You need a set of certificates for the application. You can use the Test CA +created by the ``setup_test_ca.sh`` script from the [CAcert developer +setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this: + +1. create signing requests + + ``` + mkdir certs + cd certs + openssl req -new -newkey rsa:3072 -nodes \ + -keyout app.cacert.localhost.key \ + -out app.cacert.localhost.csr.pem \ + -subj /CN=app.cacert.localhost \ + -addext subjectAltName=DNS:app.cacert.localhost + cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/ + ``` + +2. Use the CA to sign the certificates + + ``` + pushd $PATH_TO_DEVSETUP_TESTCA/ + openssl ca -config ca.cnf -name class3_ca -extensions server_ext \ + -in app.cacert.localhost.csr.pem \ + -out app.cacert.localhost.crt.pem -days 365 + popd + cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem . + ``` + +### Configure the Demo Application + +You will need a 32 byte and a 64 byte random secret for the session +authentication and encryption keys: + +``` +openssl rand -base64 64 +openssl rand -base64 32 +``` + +You also need the client id and the client secret, that have been generated +during the OIDC client setup described above. + +``` +[oidc] +client-id = "" +client-secret = "" + +[session] +auth-key = "<64 bytes of base64 encoded data>" +enc-key = "<32 bytes of base64 encoded data>" +``` + +## Start + +Now you can start the demo application: + + ``` + go run cmd/app/main.go + ``` + +Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed +through the OpenID connect authorization code flow. 
+ +## Translations + +This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for +internationalization (i18n) support. + +The translation workflow needs the `go18n` binary which can be installed via + +``` +go get -u github.com/nicksnyder/go-i18n/v2/goi18n +``` + +To extract new messages from the code run + +``` +goi18n extract . +``` + +Then use + +``` +goi18n merge active.*.toml +``` + +to create TOML files for translation as `translate..toml`. After +translating the messages run + +``` +goi18n merge active.*.toml translate.*.toml +``` + +to merge the messages back into the active translation files. To add a new +language you need to add the language code to the languages configuration +option (default is defined in the configmap in cmd/app/main.go). diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..663651b --- /dev/null +++ b/go.mod @@ -0,0 +1,3 @@ +module git.cacert.org/oidc_demo_app + +go 1.17
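Review bot: In the README's "Configure the Demo Application" section, the text points to "the OIDC client setup described above", but nothing earlier in the README describes one, and the TOML block holding `client-secret`, `auth-key` and `enc-key` is never given a file name. Add the missing client setup section (or a link to it) and state which file the block belongs in. If that is the `resource_app.toml` ignored in `.gitignore`, say so, so the secrets land in the file that is kept out of version control. In the Translations section, `go18n` should read `goi18n`, matching the commands that follow.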
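Review bot: The `go 1.17` directive in go.mod does not fit the README's install step `go get -u github.com/nicksnyder/go-i18n/v2/goi18n`, because installing executables with `go get` is deprecated as of Go 1.17. Suggest changing the README to `go install github.com/nicksnyder/go-i18n/v2/goi18n@latest`, or to a pinned version, so the documented workflow matches the declared toolchain.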