loginsrv-oidc-provider
This is a simple implementation of the bare minimum required to support using loginsrv as an OIDC 1.0 provider.
The following specs are implemented:
- OpenID Connect 1.0 Authorization Code Flow and Implicit Flow
- OpenID Connect Content Discovery 1.0 Provider Metadata
- OAuth 2.0 Multiple Response Type Encoding Practices
Most environment variables are the same as loginsrv's, so configurations can be shared. The only additional configuration required is LOGINSRVOIDC_JWT_SECRET (for signing the OIDC tokens, must be RS256), LOGINSRVOIDC_CLIENTS (for specifying client IDs and redirect URIs) and LOGINSRVOIDC_LOGINSRV (for specifying the base URL of loginsrv).
The token returned is a modified version of the one returned by loginsrv, re-signed with a key specific to loginsrv-oidc-provider.
Note that there is no authorization prompt, although only registered callback URIs will be used.
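The re-signing step described above, sketched in Go as an added example (not this project's code): the upstream token is verified with a pinned algorithm before anything is re-issued under the RS256 key. It assumes the loginsrv token is HS512-signed and that the modified claims are iss and aud; all function names and sample values are hypothetical, and expiry checks are left out.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
var b64 = base64.RawURLEncoding
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // throwaway demo key

// HS512 returns the base64url HMAC-SHA-512 tag over a JWT signing input.
func HS512(in string, key []byte) string {
	m := hmac.New(sha512.New, key)
	m.Write([]byte(in))
	return b64.EncodeToString(m.Sum(nil))
}

// Resign verifies an upstream HS512 token, sets iss/aud (assumed claims), and re-signs as RS256.
func Resign(tok string, hsKey []byte, rsKey *rsa.PrivateKey, iss, aud string) (string, error) {
	p := strings.Split(tok, ".")
	var hdr struct{ Alg string } // alg is pinned below, never taken from the token on trust
	if hb, _ := b64.DecodeString(p[0]); len(p) != 3 || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS512" ||
		!hmac.Equal([]byte(p[2]), []byte(HS512(p[0]+"."+p[1], hsKey))) {
		return "", errors.New("malformed token, unexpected alg, or bad signature")
	}
	claims := map[string]interface{}{}
	if cb, _ := b64.DecodeString(p[1]); json.Unmarshal(cb, &claims) != nil || claims == nil {
		return "", errors.New("bad claims")
	}
	claims["iss"], claims["aud"] = iss, aud
	body, _ := json.Marshal(claims)
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(in))
	s, err := rsa.SignPKCS1v15(rand.Reader, rsKey, crypto.SHA256, h[:])
	return in + "." + b64.EncodeToString(s), err
}

func main() { // constructed token and secret, for demonstration only
	in := b64.EncodeToString([]byte(`{"alg":"HS512"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"alice"}`))
	key, _ := NewKey()
	out, err := Resign(in+"."+HS512(in, []byte("k")), []byte("k"), key, "https://op.example", "client-1")
	println(out, err == nil)
}
```

Relying parties then only need the provider's RSA public key, so the HMAC secret shared with loginsrv never leaves the provider.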