Demo OpenID connect application

This repository contains a demo application using OAuth2/OpenID Connect to authenticate and authorize users.

The code in this repository is licensed under the terms of the Apache License Version 2.0.

Copyright © 2020-2023 CAcert Inc.



You need a server certificate and corresponding private key to run demo-app.

An easy way to generate a server certificate and key for local testing is mkcert.

Run mkcert to generate app.cacert.localhost.pem and app.cacert.localhost-key.pem:

mkcert -cert-file app.cacert.localhost

Configure the Demo Application

You will need a 64-byte random secret for the session authentication key and a 32-byte random secret for the session encryption key:

openssl rand -base64 64
openssl rand -base64 32

You also need the client id and the client secret that were generated during the OIDC client setup described above.

Put the data into resource_app.toml:

client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"

auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"
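
A sanity check for the two session keys, as an added example that is not part of the demo application's code. It assumes the values are standard base64 as produced by openssl rand -base64; NewKey and DecodeKey are hypothetical helper names.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Key sizes stated in the README: 64 bytes for auth-key, 32 bytes for enc-key.
const AuthKeyLen, EncKeyLen = 64, 32

// NewKey (hypothetical helper) returns n random bytes as single-line standard
// base64, the encoding "openssl rand -base64 n" uses, without line wrapping.
func NewKey(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// DecodeKey (hypothetical helper) decodes a configured key and enforces the
// decoded length. Whitespace is dropped first, because openssl wraps base64
// output at 64 characters, so the 64-byte key is printed on two lines.
func DecodeKey(name, value string, want int) ([]byte, error) {
	compact := strings.Join(strings.Fields(value), "")
	raw, err := base64.StdEncoding.DecodeString(compact)
	if err != nil {
		return nil, fmt.Errorf("%s: not valid base64: %w", name, err)
	}
	if len(raw) != want {
		return nil, fmt.Errorf("%s: decoded to %d bytes, want %d", name, len(raw), want)
	}
	return raw, nil
}

func main() {
	// Keys are generated at run time for illustration only.
	for name, n := range map[string]int{"auth-key": AuthKeyLen, "enc-key": EncKeyLen} {
		key, err := NewKey(n)
		if err == nil {
			_, err = DecodeKey(name, key, n)
		}
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s = %q\n", name, key)
	}
}
```

The length check is on the decoded bytes, not on the number of base64 characters: a 64-byte key is 88 characters long and a 32-byte key is 44.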


Now you can start the demo application:


Visit https://app.cacert.localhost:4000/ in a browser and you will be directed through the OpenID Connect authorization code flow.


This application uses go-i18n for internationalization (i18n) support.

The translation workflow needs the goi18n binary, which can be installed via

go install

To extract new messages from the code run

cd translations
goi18n extract ..

Then use

cd translations
goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml.

After translating the messages run

cd translations
goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in services/configuration.go).