cacert
/
oidc-registration
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
OpenID Connect registration management application to be used with ORY Hydra
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
58 KiB
Go 97.6%
Makefile 2.4%
 
 
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Jan Dittberner be9006546d Add Makefile 
This commit adds a Makefile to automate the build process for the
cacert-oidc-registration binary.
 		2 years ago
cmd Fix useless err parameter 2 years ago
handlers Add initial project setup 3 years ago
services Add initial project setup 3 years ago
templates Add initial project setup 3 years ago
.gitignore Add Makefile 2 years ago
Makefile Add Makefile 2 years ago
README.md Add initial project setup 3 years ago
active.de.toml Add initial project setup 3 years ago
active.en.toml Add initial project setup 3 years ago
go.mod Add initial project setup 3 years ago
go.sum Add initial project setup 3 years ago

README.md

OpenID Connect client registration for CAcert

This repository contains an implementation for a OAuth2/OpenID Connect client registration application that is meant to be used with ORY Hydra.

The code in this repository is licensed under the terms of the Apache License Version 2.0.

Copyright © 2021 Jan Dittberner

Setup

Certificates

You need a set of certificates for the client registration application. You can use the Test CA created by the setup_test_ca.sh script from the CAcert developer setup repository like this:

  1. create signing request

    mkdir certs
cd certs
openssl req -new -newkey rsa:3072 -nodes \
    -keyout registration.cacert.localhost.key \
    -out registration.cacert.localhost.csr.pem \
    -subj /CN=registration.cacert.localhost \
    -addext subjectAltName=DNS:registration.cacert.localhost
cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/

  2. Use the CA to sign the certificates

    pushd $PATH_TO_DEVSETUP_TESTCA/
openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
    -in registration.cacert.localhost.csr.pem \
    -out registration.cacert.localhost.crt.pem -days 365
popd
cp $PATH_TO_DEVSETUP_TESTCA/registration.cacert.localhost.crt.pem .

  3. Copy CA certificate for client certificates

    openssl x509 -in $PATH_TO_DEVSETUP_TESTCA/class3/ca.crt.pem \
    -out client_ca.pem

Configure registration

The client registration application requires a strong random key for its CSRF cookie. You can generate such a key using the following openssl command:

openssl rand -base64 32

Use this value and the URL of the Hydra admin API to create registration.toml:

[security]
csrf.key = "<32 bytes of base64 encoded data>"

[hydra]
admin.url = "https://hydra.cacert.localhost:4445/"

Start

Now you can start Hydra, the IDP and the demo app in 3 terminal windows:

go run cmd/registration/main.go

Visit https://registration.cacert.localhost:5000/ in a Browser to use the client registration application.

Translations

This application uses go-i18n for internationalization (i18n) support.

The translation workflow needs the go18n binary which can be installed via

go get -u  github.com/nicksnyder/go-i18n/v2/goi18n

To extract new messages from the code run

goi18n extract .

Then use

goi18n merge active.*.toml

to create TOML files for translation as translate.<locale>.toml. After translating the messages run

goi18n merge active.*.toml translate.*.toml

to merge the messages back into the active translation files. To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in cmd/idp/main.go and cmd/app/main.go).