oidc-idp/README.md

# CAcert OAuth2 / OpenID Connect IDP

This repository contains an implementation for an identity provider. [ORY
Hydra](https://www.ory.sh/hydra/) is used for the actual OAuth2 / OpenID
Connect operations. The implementation in this repository provides the end user
UI components that are required by Hydra to allow login and consent.

The code in this repository is licensed under the terms of the Apache License
Version 2.0.

Copyright © 2020-2023  Jan Dittberner

## Setup

### Certificates

You need a set of certificate and private key and a PEM file with CA
certificates used to verify client certificates to run `cacert-idp`.

An easy way to generate server certificate and key for local testing is
[`mkcert`](https://github.com/FiloSottile/mkcert/releases).

1. Run `mkcert` to generate `idp.cacert.localhost+1.pem` and
   `idp.cacert.localhost+1-key.pem`:

   ```shell
   mkcert -cert-file idp.cacert.localhost login.cacert.localhost
   ```

2. Copy CA certificate for client certificates
  
   ```shell
   (curl -s http://www.cacert.org/certs/CAcert_Class3Root_x14E228.crt ; \
    curl -s http://www.cacert.org/certs/root_X0F.crt ) > client_ca.pem
   ```

### Configure IDP

The Identity Provider application (IDP) requires a strong random key for its
CSRF cookie. You can generate such a key using the following openssl command:

```
openssl rand -base64 32
```

Use this value to create `idp.toml`:

```
[security]
csrf.key = "<32 bytes of base64 encoded data>"
```

## Start

Now you can start the IDP:

  ```
  make
  go run cmd/idp.go
  ```

## Translations

This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.

The translation workflow needs the `go18n` binary which can be installed via

```
go install github.com/nicksnyder/go-i18n/v2/goi18n
```

To extract new messages from the code run

```
goi18n extract .
```

Then use

```
goi18n merge active.*.toml
```

to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run

```
goi18n merge active.*.toml translate.*.toml
```

to merge the messages back into the active translation files. To add a new
language you need to add the language code to the languages configuration
option (default is defined in the configmap in cmd/idp.go).
Add basic project information 2021-09-11 10:10:04 +00:00			`# CAcert OAuth2 / OpenID Connect IDP`

			`This repository contains an implementation for an identity provider. [ORY`
			`Hydra](https://www.ory.sh/hydra/) is used for the actual OAuth2 / OpenID`
			`Connect operations. The implementation in this repository provides the end user`
			`UI components that are required by Hydra to allow login and consent.`

			`The code in this repository is licensed under the terms of the Apache License`
			`Version 2.0.`

Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			`Copyright © 2020-2023 Jan Dittberner`
Add basic project information 2021-09-11 10:10:04 +00:00
			`## Setup`

			`### Certificates`

Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			`You need a set of certificate and private key and a PEM file with CA`
			certificates used to verify client certificates to run `cacert-idp`.
Add basic project information 2021-09-11 10:10:04 +00:00
Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			`An easy way to generate server certificate and key for local testing is`
			[`mkcert`](https://github.com/FiloSottile/mkcert/releases).
Add basic project information 2021-09-11 10:10:04 +00:00
Minor documentation and code improvements - fix name of certificate in README - avoid unneeded variable declaration in internal/services/i18n.go 2023-07-29 15:49:55 +00:00			1. Run `mkcert` to generate `idp.cacert.localhost+1.pem` and
Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			`idp.cacert.localhost+1-key.pem`:
Add basic project information 2021-09-11 10:10:04 +00:00
Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			```shell
			`mkcert -cert-file idp.cacert.localhost login.cacert.localhost`
Add basic project information 2021-09-11 10:10:04 +00:00			```

Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			`2. Copy CA certificate for client certificates`
Add basic project information 2021-09-11 10:10:04 +00:00
Improve documentation and defaults - recommend `mkcert` to generate certificates for local development - change default configuration to use files recommended in README.md - separate server name and bind address to allow binding to a local address but publish a different public name 2023-07-24 19:32:28 +00:00			```shell
			`(curl -s http://www.cacert.org/certs/CAcert_Class3Root_x14E228.crt ; \`
			`curl -s http://www.cacert.org/certs/root_X0F.crt ) > client_ca.pem`
Add basic project information 2021-09-11 10:10:04 +00:00			```

			`### Configure IDP`

			`The Identity Provider application (IDP) requires a strong random key for its`
			`CSRF cookie. You can generate such a key using the following openssl command:`

			```
			`openssl rand -base64 32`
			```

			Use this value to create `idp.toml`:

			```
			`[security]`
			`csrf.key = "<32 bytes of base64 encoded data>"`
			```

			`## Start`

			`Now you can start the IDP:`

			```
Update instructions for go 1.16+ 2022-11-21 16:10:18 +00:00			`make`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`go run cmd/idp.go`
Add basic project information 2021-09-11 10:10:04 +00:00			```

			`## Translations`

			`This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for`
			`internationalization (i18n) support.`

			The translation workflow needs the `go18n` binary which can be installed via

			```
Update instructions for go 1.16+ 2022-11-21 16:10:18 +00:00			`go install github.com/nicksnyder/go-i18n/v2/goi18n`
Add basic project information 2021-09-11 10:10:04 +00:00			```

			`To extract new messages from the code run`

			```
			`goi18n extract .`
			```

			`Then use`

			```
			`goi18n merge active.*.toml`
			```

			to create TOML files for translation as `translate.<locale>.toml`. After
			`translating the messages run`

			```
			`goi18n merge active..toml translate..toml`
			```

			`to merge the messages back into the active translation files. To add a new`
			`language you need to add the language code to the languages configuration`
Initial IDP version - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:35:15 +00:00			`option (default is defined in the configmap in cmd/idp.go).`