||2 years ago|
|.gitignore||2 years ago|
|Makefile||2 years ago|
|README.md||2 years ago|
|go.mod||2 years ago|
|go.sum||2 years ago|
|main.go||2 years ago|
|provider.go||2 years ago|
This is a simple implementation of the bare minimum required to support using loginsrv as a OIDC 1.0 provider.
The following specs are implemented:
- OpenID Connect 1.0 Authorization Code Flow and Implicit Flow
- OpenID Connect Content Discovery 1.0 Provider Metadata
- OAuth 2.0 Multiple Response Type Encoding Practices.
Most environment variables are the same as loginsrv to allow sharing configurations. The only additional configuration required is LOGINSRVOIDC_JWT_SECRET (for signing the OIDC tokens, must be RS256), LOGINSRVOIDC_CLIENTS (for specifying client IDs and redirect URIs) and LOGINSRVOIDC_LOGINSRV (for specifying the base URL of loginsrv).
The token returned is a modified version of the one returned by loginsrv, and resigned with a key specific to loginsrv-oidc-provider.
Note that there is no authorization prompt, although only registered callback URIs will be used.