Jan Dittberner
44e18ca3a5
The primary change in this commit is the introduction of consent management. A few minor improvements have been made:
- move common header to ui/templates/base.gohtml
- add an I18NService to unify localization
- add a handlers.getLocalizer function
- fix translation extraction and merging in Makefile
- add a new AuthMiddleware to centralize client certificate authentication
- move client certificate handling to internal/handlers/security.go
- improve error handling, allow localization of HTTP error messages
9 months ago
| Name | Last change |
|---|---|
| cmd/idp | 9 months ago |
| debian | 10 months ago |
| docs | 10 months ago |
| internal | 9 months ago |
| translations | 9 months ago |
| ui | 9 months ago |
| .gitignore | 9 months ago |
| .golangci.yml | 10 months ago |
| .goreleaser.yml | 10 months ago |
| LICENSE.txt | 1 year ago |
| Makefile | 9 months ago |
| README.md | 10 months ago |
| changelog.md | 9 months ago |
| go.mod | 9 months ago |
| go.sum | 9 months ago |
README.md
CAcert OAuth2 / OpenID Connect IDP
This repository contains an implementation for an identity provider. ORY Hydra is used for the actual OAuth2 / OpenID Connect operations. The implementation in this repository provides the end user UI components that are required by Hydra to allow login and consent.
The code in this repository is licensed under the terms of the Apache License Version 2.0.
Copyright © 2020-2023 Jan Dittberner
Setup
Certificates
To run cacert-idp you need a server certificate with its private key, and a PEM file with the CA certificates used to verify client certificates.
An easy way to generate a server certificate and key for local testing is mkcert.
- Run mkcert to generate idp.cacert.localhost+1.pem and idp.cacert.localhost+1-key.pem:

    mkcert idp.cacert.localhost login.cacert.localhost

- Copy the CA certificates used for client certificates into one PEM bundle:

    (curl -s http://www.cacert.org/certs/CAcert_Class3Root_x14E228.crt ; \
     curl -s http://www.cacert.org/certs/root_X0F.crt) > client_ca.pem
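What the client CA bundle is for, shown as an added Go example that is not code from the cacert-idp project: the server loads the PEM bundle into a certificate pool and accepts a presented client certificate only if it chains to one of those CAs and is valid for client authentication. The CA and client certificates are constructed in-process with placeholder names so the program runs offline; VerifyClientCert, RunScenario and the other function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// certTemplate builds a certificate template; ca selects a signing CA, otherwise a
// client-authentication leaf with the name as e-mail SAN (constructed test data).
func certTemplate(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	if ca {
		t.IsCA = true
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
		t.EmailAddresses = []string{cn}
	}
	return t
}

// newCert generates a P-256 key and a certificate for tmpl. With parent == nil the
// certificate is self-signed (a root CA); otherwise it is signed by parentKey.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyClientCert validates a presented client certificate against a PEM bundle of
// trusted CA certificates (the role of client_ca.pem): the chain must end at a CA in
// the bundle and the leaf must be usable for client authentication.
func VerifyClientCert(caBundlePEM []byte, clientCert *x509.Certificate) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caBundlePEM) {
		return errors.New("client CA bundle contains no parseable certificates")
	}
	_, err := clientCert.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// RunScenario concatenates two constructed roots into one bundle, the way the two
// curl downloads are concatenated, then verifies a client certificate issued by a
// bundled CA and one issued by a CA that is not in the bundle.
func RunScenario() (trustedErr, untrustedErr, setupErr error) {
	bundledRoot, bundledKey, err := newCert(certTemplate("Constructed Root CA", 1, true), nil, nil)
	if err != nil {
		return nil, nil, err
	}
	secondRoot, _, err := newCert(certTemplate("Constructed Second Root CA", 2, true), nil, nil)
	if err != nil {
		return nil, nil, err
	}
	foreignRoot, foreignKey, err := newCert(certTemplate("Unrelated CA", 3, true), nil, nil)
	if err != nil {
		return nil, nil, err
	}
	var bundle []byte
	for _, c := range []*x509.Certificate{bundledRoot, secondRoot} {
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	goodClient, _, err := newCert(certTemplate("alice@example.invalid", 10, false), bundledRoot, bundledKey)
	if err != nil {
		return nil, nil, err
	}
	badClient, _, err := newCert(certTemplate("mallory@example.invalid", 11, false), foreignRoot, foreignKey)
	if err != nil {
		return nil, nil, err
	}
	return VerifyClientCert(bundle, goodClient), VerifyClientCert(bundle, badClient), nil
}

func main() {
	trustedErr, untrustedErr, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("client cert from bundled CA:", trustedErr)     // <nil>
	fmt.Println("client cert from unrelated CA:", untrustedErr) // certificate signed by unknown authority
}
```

The point of the KeyUsages option is that a certificate chaining to a trusted CA is still rejected when it was not issued for client authentication; a server that only checks the chain would accept any certificate the CA ever signed.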
Configure IDP
The Identity Provider application (IDP) requires a strong random key for its CSRF cookie. You can generate such a key using the following openssl command:

    openssl rand -base64 32

Use this value to create idp.toml:

    [security]
    csrf.key = "<32 bytes of base64 encoded data>"
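An added Go example, not part of the project, showing the property the configured key must have: 32 bytes from a cryptographically secure source, stored base64-encoded. GenerateCSRFKey mirrors the openssl command using crypto/rand, and DecodeCSRFKey is the check a startup routine would run on the configured value, rejecting an unset, non-base64 or wrong-length key rather than silently accepting it. The function names and error texts are this example's own.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// csrfKeyLen is the key size the README asks for: 32 bytes before base64 encoding.
const csrfKeyLen = 32

// GenerateCSRFKey returns 32 cryptographically random bytes, base64-encoded,
// the same shape as the output of `openssl rand -base64 32`.
func GenerateCSRFKey() (string, error) {
	buf := make([]byte, csrfKeyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// DecodeCSRFKey validates a configured csrf.key value: it must be present, be
// standard (padded) base64, and decode to exactly csrfKeyLen bytes.
func DecodeCSRFKey(encoded string) ([]byte, error) {
	if encoded == "" {
		return nil, errors.New("csrf.key is not set")
	}
	key, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, fmt.Errorf("csrf.key is not valid base64: %w", err)
	}
	if len(key) != csrfKeyLen {
		return nil, fmt.Errorf("csrf.key decodes to %d bytes, want %d", len(key), csrfKeyLen)
	}
	return key, nil
}

// TOMLSecuritySection renders the [security] fragment for idp.toml.
func TOMLSecuritySection(encodedKey string) string {
	return fmt.Sprintf("[security]\ncsrf.key = %q\n", encodedKey)
}

func main() {
	key, err := GenerateCSRFKey()
	if err != nil {
		panic(err)
	}
	fmt.Print(TOMLSecuritySection(key))
	// "dG9vLXNob3J0" is a constructed value that decodes to only 9 bytes.
	if _, err := DecodeCSRFKey("dG9vLXNob3J0"); err != nil {
		fmt.Println("rejected example value:", err)
	}
}
```

Validating the decoded length at startup catches the common mistake of pasting the key with a trailing newline or a truncated copy, which would otherwise only show up as CSRF tokens that never verify.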
Start
Now you can start the IDP:

    make
    go run cmd/idp.go
Translations
This application uses go-i18n for internationalization (i18n) support.
The translation workflow needs the goi18n binary, which can be installed via

    go install github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

    goi18n extract .

Then use

    goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

    goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (the default is defined in the configmap in cmd/idp.go).