Jan Dittberner
3bb3b2db0c
- copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc

Repository contents: cmd, handlers, models, services, templates, .gitignore, active.de.toml, active.en.toml, go.mod, go.sum, README.md
Demo OpenID Connect application
This repository contains a demo application using OAuth2/OpenID Connect to authenticate and authorize users.
The code in this repository is licensed under the terms of the Apache License Version 2.0.
Copyright © 2020, 2021 Jan Dittberner
Setup
Certificates
You need a set of certificates for the application. You can use the Test CA created by the setup_test_ca.sh script from the CAcert developer setup repository like this:
- create signing requests
  mkdir certs
  cd certs
  openssl req -new -newkey rsa:3072 -nodes \
    -keyout app.cacert.localhost.key \
    -out app.cacert.localhost.csr.pem \
    -subj /CN=app.cacert.localhost \
    -addext subjectAltName=DNS:app.cacert.localhost
  cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
- Use the CA to sign the certificates
  pushd $PATH_TO_DEVSETUP_TESTCA/
  openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
    -in app.cacert.localhost.csr.pem \
    -out app.cacert.localhost.crt.pem -days 365
  popd
  cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .
Configure the Demo Application
You will need a 32 byte and a 64 byte random secret for the session authentication and encryption keys:
openssl rand -base64 64
openssl rand -base64 32
You also need the client id and the client secret that have been generated during the OIDC client setup described above.
[oidc]
client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"
[session]
auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"
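An added example, not part of this repository's code: a start-up check for the two [session] values, assuming they are standard base64 as produced by openssl rand -base64. It also joins the line break that openssl inserts after 64 output characters, which splits the 88-character auth-key value across two lines. The helper names newKey, decodeKey and checkSessionKeys are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// newKey returns n random bytes as base64, like `openssl rand -base64 n`
// but without the line break openssl inserts after 64 output characters.
func newKey(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

// decodeKey (hypothetical helper) decodes one [session] value and checks the
// decoded length, so a swapped, truncated or placeholder key fails early.
func decodeKey(name, value string, want int) ([]byte, error) {
	// Assumption: whitespace is not significant, so a wrapped value is joined.
	clean := strings.Join(strings.Fields(value), "")
	key, err := base64.StdEncoding.DecodeString(clean)
	if err != nil {
		return nil, fmt.Errorf("%s: not valid base64: %w", name, err)
	}
	if len(key) != want {
		return nil, fmt.Errorf("%s: got %d bytes, want %d", name, len(key), want)
	}
	return key, nil
}

// checkSessionKeys applies the README's sizes: auth-key 64 bytes, enc-key 32.
func checkSessionKeys(authValue, encValue string) error {
	if _, err := decodeKey("auth-key", authValue, 64); err != nil {
		return err
	}
	_, err := decodeKey("enc-key", encValue, 32)
	return err
}

func main() {
	auth, _ := newKey(64) // constructed sample values, generated at run time
	enc, _ := newKey(32)
	fmt.Println("generated keys:", checkSessionKeys(auth, enc))
	fmt.Println("swapped keys:", checkSessionKeys(enc, auth))
}
```

Swapping the two values is reported as a length error for auth-key, and the untouched placeholder text from the configuration template is rejected as invalid base64.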
Start
Now you can start the demo application:
go run cmd/app.go
Visit https://app.cacert.localhost:4000/ in a browser and you will be directed through the OpenID Connect authorization code flow.
Translations
This application uses go-i18n for internationalization (i18n) support.
The translation workflow needs the goi18n binary, which can be installed via
go get -u github.com/nicksnyder/go-i18n/v2/goi18n
To extract new messages from the code run
goi18n extract .
Then use
goi18n merge active.*.toml
to create TOML files for translation as translate.<locale>.toml. After translating the messages run
goi18n merge active.*.toml translate.*.toml
to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in cmd/app.go).