go-oidc-expt is an experimental implementation of an OpenID provider in Go.
- The results of the conformance test are available here.
- Authorization Code Flow
- Implicit Flow
- Hybrid Flow
./scripts/bootstrap/brew.sh
./scripts/bootstrap/keypair.sh
./scripts/bootstrap/key.sh
The script creates a key pair in pkg/xjwt/cert.
References:
For the conformance test of OpenID Connect.
mkcert -install
mkcert localhost host.docker.internal
cat localhost+1.pem > localhost+1-fullchain.pem
cat "$(mkcert -CAROOT)/rootCA.pem" >> localhost+1-fullchain.pem
openssl dhparam -out dhparam.pem 2048
mv *.pem docker/load-balancer/etc/nginx/ssl
make up
The containers:
- can be stopped with
make stop
- Stopped containers can be started with
make start
- can be stopped and removed with
make down
- and volumes can be deleted with
make destroy
make migrate-apply SERVICE=db DATABASE=idp
make migrate-apply SERVICE=db DATABASE=idp_test
make supports the following commands:
Command | Detail |
---|---|
build | Build a docker image to deploy |
build-local | Build docker images |
benchmark | Run all benchmarks |
cleanup-db | Clean up database |
cleanup-go | Clean up caches |
fmt | Run formatter |
gen | Run generator |
lint | Run linters |
migrate-apply | Apply migrations |
migrate-diff | Generate migrations |
migrate-lint | Run analysis on the migration directory |
resolve | Resolve dependencies |
seed | Seed the database |
test | Run all tests |
up | Create and start containers |
down | Stop and remove containers |
start | Start containers |
stop | Stop containers |
destroy | Delete all resources |
e.g. The following command generates the AuthCode schema.
go run -mod=mod entgo.io/ent/cmd/ent new --target pkg/ent/schema AuthCode
make migrate-diff MIGRATION_NAME=<MIGRATION_NAME>
Parameter | Detail |
---|---|
MIGRATION_NAME | Part of the migration file name. The file name follows the format %Y%m%d%H%i%S_<MIGRATION_NAME>.sql. |
make migrate-lint [N_LATEST=<N_LATEST>]
Parameter | Detail |
---|---|
N_LATEST | The number of latest migration files to be analyzed. migrate-list.sh runs analysis on them. |
If N_LATEST isn't specified, the diff between the main branch and the current one is selected as the changeset.
make migrate-apply DB_NAMES=idp,idp_test
Parameter | Detail |
---|---|
DB_NAMES | Names of the databases to which migrations will be applied. |
make seed
The API specification (Swagger UI) is available at http://localhost:8880. Before accessing the URL, run the following command to start the swagger-ui container.
docker compose up -d swagger-ui