OpenID Connect resource demo application
Find a file
2021-09-11 13:37:31 +02:00
cmd Initial OIDC resource app 2021-09-11 13:37:31 +02:00
handlers Initial OIDC resource app 2021-09-11 13:37:31 +02:00
models Initial OIDC resource app 2021-09-11 13:37:31 +02:00
services Initial OIDC resource app 2021-09-11 13:37:31 +02:00
templates Initial OIDC resource app 2021-09-11 13:37:31 +02:00
.gitignore Initial OIDC resource app 2021-09-11 13:37:31 +02:00
active.de.toml Initial OIDC resource app 2021-09-11 13:37:31 +02:00
active.en.toml Initial OIDC resource app 2021-09-11 13:37:31 +02:00
go.mod Initial OIDC resource app 2021-09-11 13:37:31 +02:00
go.sum Initial OIDC resource app 2021-09-11 13:37:31 +02:00
README.md Initial OIDC resource app 2021-09-11 13:37:31 +02:00

Demo OpenID connect application

This repository contains a demo application using OAuth2/OpenID Connect to authenticate and authorize users.

The code in this repository is licensed under the terms of the Apache License Version 2.0.

Copyright © 2020, 2021 Jan Dittberner

Setup

Certificates

You need a set of certificates for the application. You can use the Test CA created by the setup_test_ca.sh script from the CAcert developer setup repository like this:

  1. create signing requests

    mkdir certs
    cd certs
    openssl req -new -newkey rsa:3072 -nodes \
        -keyout app.cacert.localhost.key \
        -out app.cacert.localhost.csr.pem \
        -subj /CN=app.cacert.localhost \
        -addext subjectAltName=DNS:app.cacert.localhost
    cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
    
  2. Use the CA to sign the certificates

    pushd $PATH_TO_DEVSETUP_TESTCA/
    openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
        -in app.cacert.localhost.csr.pem \
        -out app.cacert.localhost.crt.pem -days 365
    popd
    cp $PATH_TO_DEVSETUP_TESTCA/app.cacert.localhost.crt.pem .
    

Configure the Demo Application

You will need a 32 byte and a 64 byte random secret for the session authentication and encryption keys:

openssl rand -base64 64
openssl rand -base64 32

You also need the client id and the client secret, that have been generated during the OIDC client setup described above.

[oidc]
client-id = "<client id from hydra clients invocation>"
client-secret = "<client secret from hydra clients invocation>"

[session]
auth-key = "<64 bytes of base64 encoded data>"
enc-key = "<32 bytes of base64 encoded data>"

Start

Now you can start the demo application:

go run cmd/app.go

Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed through the OpenID connect authorization code flow.

Translations

This application uses go-i18n for internationalization (i18n) support.

The translation workflow needs the go18n binary which can be installed via

go get -u  github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

goi18n extract .

Then use

goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in cmd/app.go).