# OpenID Connect client registration for CAcert

This repository contains an implementation of an OAuth2/OpenID Connect client registration application that is meant to be used with [ORY Hydra](https://www.ory.sh/hydra/).

The code in this repository is licensed under the terms of the Apache License Version 2.0.

Copyright © 2021 Jan Dittberner

## Setup

### Certificates

You need a set of certificates for the client registration application. You can use the Test CA created by the `setup_test_ca.sh` script from the [CAcert developer setup](https://git.dittberner.info/jan/cacert-devsetup) repository like this:

1. Create a signing request

   ```
   mkdir certs
   cd certs
   openssl req -new -newkey rsa:3072 -nodes \
     -keyout registration.cacert.localhost.key \
     -out registration.cacert.localhost.csr.pem \
     -subj /CN=registration.cacert.localhost \
     -addext subjectAltName=DNS:registration.cacert.localhost
   cp *.csr.pem $PATH_TO_DEVSETUP_TESTCA/
   ```

2. Use the CA to sign the certificate

   ```
   pushd $PATH_TO_DEVSETUP_TESTCA/
   openssl ca -config ca.cnf -name class3_ca -extensions server_ext \
     -in registration.cacert.localhost.csr.pem \
     -out registration.cacert.localhost.crt.pem -days 365
   popd
   cp $PATH_TO_DEVSETUP_TESTCA/registration.cacert.localhost.crt.pem .
   ```

3. Copy the CA certificate used for client certificates

   ```
   openssl x509 -in $PATH_TO_DEVSETUP_TESTCA/class3/ca.crt.pem \
     -out client_ca.pem
   ```

### Configure registration

The client registration application requires a strong random key for its CSRF cookie.
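A strong key here means 32 bytes drawn from a cryptographically secure random source. The following Go program is an added example and not code from this repository: it generates such a key in-process (the equivalent of the openssl command given next), renders a `registration.toml` in the layout described in this section, and performs the two checks a deployment should fail fast on, namely that `csrf.key` decodes to exactly 32 bytes and that `admin.url` is an absolute `https://` URL. The small TOML-subset parser and the `GenerateCSRFKey`, `ParseConfig`, `ValidateConfig` and `RenderConfig` helpers are assumptions made for this example; the application itself loads its configuration with its own code.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// csrfKeyLen is the number of random bytes the README asks for ("openssl rand -base64 32").
const csrfKeyLen = 32

// GenerateCSRFKey is the in-process equivalent of `openssl rand -base64 32`:
// 32 bytes from crypto/rand, base64 encoded so it can be pasted into registration.toml.
func GenerateCSRFKey() (string, error) {
	buf := make([]byte, csrfKeyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// ParseConfig is a deliberately small parser (an assumption for this example, not a
// general TOML parser) for the subset used by registration.toml: [section] headers
// and key = "quoted string" lines. Keys come back as "section.key", e.g. "security.csrf.key".
func ParseConfig(text string) (map[string]string, error) {
	cfg := make(map[string]string)
	section := ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
			continue
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			section = strings.TrimSpace(line[1 : len(line)-1])
		default:
			parts := strings.SplitN(line, "=", 2)
			if len(parts) != 2 {
				return nil, fmt.Errorf("line %d: expected key = value", n)
			}
			val := strings.TrimSpace(parts[1])
			if len(val) < 2 || val[0] != '"' || val[len(val)-1] != '"' {
				return nil, fmt.Errorf("line %d: value must be a quoted string", n)
			}
			key := strings.TrimSpace(parts[0])
			if section != "" {
				key = section + "." + key
			}
			cfg[key] = val[1 : len(val)-1]
		}
	}
	return cfg, sc.Err()
}

// ValidateConfig rejects a weak or malformed CSRF key (anything that does not decode
// to exactly 32 bytes) and a Hydra admin URL that is not an absolute https:// URL;
// the admin API is a privileged endpoint and should never be reached over plain http.
func ValidateConfig(cfg map[string]string) error {
	raw, err := base64.StdEncoding.DecodeString(cfg["security.csrf.key"])
	if err != nil {
		return fmt.Errorf("security.csrf.key: not valid base64: %w", err)
	}
	if len(raw) != csrfKeyLen {
		return fmt.Errorf("security.csrf.key: decoded to %d bytes, want %d", len(raw), csrfKeyLen)
	}
	u, err := url.Parse(cfg["hydra.admin.url"])
	if err != nil {
		return fmt.Errorf("hydra.admin.url: %w", err)
	}
	if u.Scheme != "https" || u.Host == "" {
		return errors.New("hydra.admin.url: must be an absolute https:// URL")
	}
	return nil
}

// RenderConfig writes a registration.toml in the layout shown in the README.
func RenderConfig(csrfKey, adminURL string) string {
	return fmt.Sprintf("[security]\ncsrf.key = %q\n\n[hydra]\nadmin.url = %q\n", csrfKey, adminURL)
}

func main() {
	key, err := GenerateCSRFKey()
	if err != nil {
		panic(err)
	}
	text := RenderConfig(key, "https://hydra.cacert.localhost:4445/")
	cfg, err := ParseConfig(text)
	if err != nil {
		panic(err)
	}
	if err := ValidateConfig(cfg); err != nil {
		panic(err)
	}
	fmt.Print(text) // a ready-to-use registration.toml with a fresh key
}
```

Running `go run` on this file prints a complete `registration.toml`; pointing `ValidateConfig` at a file read with `os.ReadFile` gives a preflight check that catches a truncated or hand-typed key before the application starts.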
You can generate such a key using the following openssl command:

```
openssl rand -base64 32
```

Use this value and the URL of the Hydra admin API to create `registration.toml`:

```
[security]
csrf.key = "<32 bytes of base64 encoded data>"

[hydra]
admin.url = "https://hydra.cacert.localhost:4445/"
```

## Start

Now you can start Hydra, the IDP and the demo app in 3 terminal windows:

```
go run cmd/registration/main.go
```

Visit https://registration.cacert.localhost:5000/ in a browser to use the client registration application.

## Translations

This application uses [go-i18n](https://github.com/nicksnyder/go-i18n/) for internationalization (i18n) support. The translation workflow needs the `goi18n` binary, which can be installed via

```
go get -u github.com/nicksnyder/go-i18n/v2/goi18n
```

To extract new messages from the code run

```
goi18n extract .
```

Then use

```
goi18n merge active.*.toml
```

to create TOML files for translation as `translate.*.toml`. After translating the messages run

```
goi18n merge active.*.toml translate.*.toml
```

to merge the messages back into the active translation files.

To add a new language you need to add the language code to the languages configuration option (default is defined in the configmap in cmd/idp/main.go and cmd/app/main.go).
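As an added example, not code from this repository, here is what the three openssl steps in the Certificates section produce and how to check the result before starting the application. The Go program below builds a constructed test CA in memory in the role of `class3_ca`, signs a certificate for `registration.cacert.localhost` that carries the DNS subjectAltName from the CSR and the serverAuth extended key usage, and then verifies that the certificate chains to that CA, is valid now, is usable for server authentication and covers the hostname. `IssueTestCert`, `VerifyServerCert` and the choice of ECDSA P-256 (for speed; the README's CSR uses RSA 3072) are assumptions made for this example. `VerifyServerCert` works unchanged on the real PEM files from steps 2 and 3 when they are read with `os.ReadFile`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// RegistrationHost is the name the server certificate must cover; it matches the
// -subj and -addext subjectAltName values of the CSR in the Certificates section.
const RegistrationHost = "registration.cacert.localhost"

// IssueTestCert is an in-memory stand-in for the openssl steps: a constructed test CA
// (playing class3_ca) signs a server certificate for RegistrationHost with the DNS
// subjectAltName and the serverAuth extended key usage a server profile adds.
// Both certificates are returned as PEM.
func IssueTestCert() (caPEM, leafPEM []byte, err error) {
	now := time.Now()

	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed test class 3 CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER) // parsed so the leaf gets a proper issuer/AKI
	if err != nil {
		return nil, nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: RegistrationHost}, // -subj /CN=...
		DNSNames:     []string{RegistrationHost},               // -addext subjectAltName=DNS:...
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(365 * 24 * time.Hour), // -days 365
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}

	caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	leafPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	return caPEM, leafPEM, nil
}

// VerifyServerCert is the check worth running after signing: the certificate in
// leafPEM must chain to the CA in caPEM, be valid now, be usable for server
// authentication and cover dnsName through its subjectAltName.
func VerifyServerCert(caPEM, leafPEM []byte, dnsName string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return errors.New("no CA certificate found in PEM input")
	}
	block, _ := pem.Decode(leafPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("no certificate found in leaf PEM input")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   dnsName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	caPEM, leafPEM, err := IssueTestCert()
	if err != nil {
		panic(err)
	}
	if err := VerifyServerCert(caPEM, leafPEM, RegistrationHost); err != nil {
		panic(err)
	}
	fmt.Println("certificate chains to the test CA and covers", RegistrationHost)
}
```

A certificate signed without the `server_ext` profile, or from a CSR lacking the `-addext subjectAltName` option, fails `VerifyServerCert` in the same way a browser or Go client would reject it at connection time, so this catches the two most common mistakes in the openssl steps before the application is started.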