# CAcert OAuth2 / OpenID Connect IDP
This repository contains an implementation of an identity provider. [ORY
Hydra](https://www.ory.sh/hydra/) is used for the actual OAuth2 / OpenID
Connect operations. The implementation in this repository provides the end user
UI components (login and consent) that Hydra requires.
The code in this repository is licensed under the terms of the Apache License
Version 2.0.
Copyright © 2020-2022 Jan Dittberner
## Setup
### Certificates
You need a set of certificates for the IDP. You can use the Test CA created by
the `setup_test_ca.sh` script from the [CAcert developer
setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:
1. Create signing requests
```
mkdir certs
cd certs
openssl req -new -newkey rsa:3072 -nodes \
-keyout idp.cacert.localhost.key \
-out idp.cacert.localhost.csr.pem \
-subj /CN=idp.cacert.localhost \
-addext subjectAltName=DNS:idp.cacert.localhost,DNS:login.cacert.localhost
cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
```
2. Use the CA to sign the certificates
```
pushd $PATH_TO_DEVSETUP_TESTCA/
openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
-in idp.cacert.localhost.csr.pem \
-out idp.cacert.localhost.crt.pem -days 365
popd
cp $PATH_TO_DEVSETUP_TESTCA/idp.cacert.localhost.crt.pem .
```
3. Copy CA certificate for client certificates
```
openssl x509 -in $PATH_TO_DEVSETUP_TESTCA/class3/ca.crt.pem \
-out client_ca.pem
```
### Configure IDP
The Identity Provider application (IDP) requires a strong random key for its
CSRF cookie. You can generate such a key using the following openssl command:
```
openssl rand -base64 32
```
Use this value to create `idp.toml`:
```
[security]
csrf.key = "<32 bytes of base64 encoded data>"
```
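A configuration value that is present but wrong (the placeholder left in place, a key pasted with a missing character, a value that was generated with fewer bytes) fails silently until the CSRF cookie cannot be verified. The following Go snippet is an added example, not code from this repository: `GenerateCSRFKey` produces the same shape of value as `openssl rand -base64 32`, and `ValidateCSRFKey` is the check one would run on the loaded `csrf.key` value before starting the server. The function names are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// csrfKeyLen is the key length the README asks for: 32 random bytes.
const csrfKeyLen = 32

// GenerateCSRFKey returns 32 bytes from the OS CSPRNG, base64 encoded,
// which is what `openssl rand -base64 32` prints.
func GenerateCSRFKey() (string, error) {
	buf := make([]byte, csrfKeyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// ValidateCSRFKey decodes a configured csrf.key value and returns the raw key.
// It rejects values that are not base64, that do not decode to exactly 32
// bytes, or that consist of a single repeated byte (an obviously non-random
// value such as all zeros).
func ValidateCSRFKey(value string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return nil, fmt.Errorf("csrf.key is not valid base64: %w", err)
	}
	if len(key) != csrfKeyLen {
		return nil, fmt.Errorf("csrf.key decodes to %d bytes, want %d", len(key), csrfKeyLen)
	}
	if bytes.Count(key, key[:1]) == csrfKeyLen {
		return nil, fmt.Errorf("csrf.key is a repeated single byte, not a random key")
	}
	return key, nil
}

func main() {
	key, err := GenerateCSRFKey()
	if err != nil {
		panic(err)
	}
	fmt.Printf("csrf.key = %q\n", key)
	_, err = ValidateCSRFKey("<32 bytes of base64 encoded data>")
	fmt.Println("placeholder rejected:", err != nil)
}
```

The README placeholder `<32 bytes of base64 encoded data>` is not valid base64, so the first check already rejects a configuration file that was created but never filled in.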
## Start
Now you can start the IDP:
```
make
go run cmd/idp.go
```
## Translations
This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for
internationalization (i18n) support.
The translation workflow needs the `goi18n` binary, which can be installed via
```
go install github.com/nicksnyder/go-i18n/v2/goi18n
```
To extract new messages from the code run
```
goi18n extract .
```
Then use
```
goi18n merge active.*.toml
```
to create TOML files for translation as `translate.<locale>.toml`. After
translating the messages run
```
goi18n merge active.*.toml translate.*.toml
```
to merge the messages back into the active translation files. To add a new
language you need to add its language code to the `languages` configuration
option (the default is defined in the configmap in cmd/idp.go).