Basic project setup
commit
4b852dee3f
3 changed files with 115 additions and 0 deletions
3
.gitignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
.idea/
|
||||||
|
certs/
|
||||||
|
resource_app.toml
|
109
README.md
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
# Demo OpenID connect application
|
||||||
|
|
||||||
|
This repository contains a demo application using OAuth2/OpenID Connect to
|
||||||
|
authenticate and authorize users.
|
||||||
|
|
||||||
|
The code in this repository is licensed under the terms of the Apache License
|
||||||
|
Version 2.0.
|
||||||
|
|
||||||
|
Copyright © 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
### Certificates
|
||||||
|
|
||||||
|
You need a set of certificates for the application. You can use the Test CA
|
||||||
|
created by the ``setup_test_ca.sh`` script from the [CAcert developer
|
||||||
|
setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:
|
||||||
|
|
||||||
|
1. create signing requests
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir certs
|
||||||
|
cd certs
|
||||||
|
openssl req -new -newkey rsa:3072 -nodes \
|
||||||
|
-keyout app.cacert.localhost.key \
|
||||||
|
-out app.cacert.localhost.csr.pem \
|
||||||
|
-subj /CN=app.cacert.localhost \
|
||||||
|
-addext subjectAltName=DNS:app.cacert.localhost
|
||||||
|
cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Use the CA to sign the certificates
|
||||||
|
|
||||||
|
```
|
||||||
|
pushd $PATH_TO_DEVSETUP_TESTCA/
|
||||||
|
openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
|
||||||
|
-in app.cacert.localhost.csr.pem \
|
||||||
|
-out app.cacert.localhost.crt.pem -days 365
|
||||||
|
popd
|
||||||
|
cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .
|
||||||
|
```
|
||||||
|
|
||||||
|
### Configure the Demo Application
|
||||||
|
|
||||||
|
You will need a 32 byte and a 64 byte random secret for the session
|
||||||
|
authentication and encryption keys:
|
||||||
|
|
||||||
|
```
|
||||||
|
openssl rand -base64 64
|
||||||
|
openssl rand -base64 32
|
||||||
|
```
|
||||||
|
|
||||||
|
You also need the client id and the client secret, that have been generated
|
||||||
|
during the OIDC client setup described above.
|
||||||
|
|
||||||
|
```
|
||||||
|
[oidc]
|
||||||
|
client-id = "<client id from hydra clients invocation>"
|
||||||
|
client-secret = "<client secret from hydra clients invocation>"
|
||||||
|
|
||||||
|
[session]
|
||||||
|
auth-key = "<64 bytes of base64 encoded data>"
|
||||||
|
enc-key = "<32 bytes of base64 encoded data>"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Start
|
||||||
|
|
||||||
|
Now you can start the demo application:
|
||||||
|
|
||||||
|
```
|
||||||
|
go run cmd/app/main.go
|
||||||
|
```
|
||||||
|
|
||||||
|
Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed
|
||||||
|
through the OpenID connect authorization code flow.
|
||||||
|
|
||||||
|
## Translations
|
||||||
|
|
||||||
|
This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
|
||||||
|
internationalization (i18n) support.
|
||||||
|
|
||||||
|
The translation workflow needs the `go18n` binary which can be installed via
|
||||||
|
|
||||||
|
```
|
||||||
|
go get -u github.com/nicksnyder/go-i18n/v2/goi18n
|
||||||
|
```
|
||||||
|
|
||||||
|
To extract new messages from the code run
|
||||||
|
|
||||||
|
```
|
||||||
|
goi18n extract .
|
||||||
|
```
|
||||||
|
|
||||||
|
Then use
|
||||||
|
|
||||||
|
```
|
||||||
|
goi18n merge active.*.toml
|
||||||
|
```
|
||||||
|
|
||||||
|
to create TOML files for translation as `translate.<locale>.toml`. After
|
||||||
|
translating the messages run
|
||||||
|
|
||||||
|
```
|
||||||
|
goi18n merge active.*.toml translate.*.toml
|
||||||
|
```
|
||||||
|
|
||||||
|
to merge the messages back into the active translation files. To add a new
|
||||||
|
language you need to add the language code to the languages configuration
|
||||||
|
option (default is defined in the configmap in cmd/app/main.go).
|
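Review bot: The "Configure the Demo Application" section of the README never names the file that the `[oidc]` and `[session]` blocks belong in, and its reference to "the OIDC client setup described above" points at nothing earlier in this README. Because that block carries `client-secret`, `auth-key` and `enc-key`, name the target file explicitly (if it is the `resource_app.toml` that `.gitignore` excludes in this same commit, say so) so the secrets land in an ignored path, and either add the hydra client registration step or link to where it is documented. It would also help to state which `openssl rand` output goes into which key, since the prose lists 32 then 64 bytes while the commands run 64 then 32. Minor: in the Translations section `go18n` should read `goi18n`, matching the install path and the commands that follow.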
3
go.mod
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
module git.cacert.org/oidc_demo_app
|
||||||
|
|
||||||
|
go 1.17
|
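Review bot: With `go 1.17` declared on the last line of this file, the README's `go get -u github.com/nicksnyder/go-i18n/v2/goi18n` is the deprecated way to install a command; from Go 1.17 on, `go install github.com/nicksnyder/go-i18n/v2/goi18n@latest` is the supported form. Run inside this repository, the `go get -u` variant would also add a requirement to this go.mod as a side effect of installing a tool, so I would switch the README to `go install` with an explicit version suffix.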