• Stars
    star
    1,298
  • Rank 36,246 (Top 0.8 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created almost 5 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

OpenID Connect SDK (client and server) for Go

semantic-release Release GoDoc license release Go Report Card codecov

openid_certified

What Is It

This project is an easy-to-use client (RP) and server (OP) implementation for the OIDC (OpenID Connect) standard written for Go.

The RP is certified for the basic and config profile.

Whenever possible we tried to reuse / extend existing packages like OAuth2 for Go.

Basic Overview

The most important packages of the library:

/pkg
    /client            clients using the OP for retrieving, exchanging and verifying tokens       
        /rp            definition and implementation of an OIDC Relying Party (client)
        /rs            definition and implementation of an OAuth Resource Server (API)
    /op                definition and implementation of an OIDC OpenID Provider (server)
    /oidc              definitions shared by clients and server

/example
    /client/api        example of an api / resource server implementation using token introspection
    /client/app        web app / RP demonstrating authorization code flow using various authentication methods (code, PKCE, JWT profile)
    /client/github     example of the extended OAuth2 library, providing an HTTP client with a reuse token source
    /client/service    demonstration of JWT Profile Authorization Grant
    /server            examples of an OpenID Provider implementations (including dynamic) with some very basic login UI

How To Use It

Check the /example folder where example code for different scenarios is located.

# start oidc op server
# oidc discovery http://localhost:9998/.well-known/openid-configuration
go run github.com/zitadel/oidc/v2/example/server
# start oidc web client (in a new terminal)
CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v2/example/client/app
  • open http://localhost:9999/login in your browser
  • you will be redirected to op server and the login UI
  • login with user test-user@localhost and password verysecure
  • the OP will redirect you to the client app, which displays the user info

for the dynamic issuer, just start it with:

go run github.com/zitadel/oidc/v2/example/server/dynamic

the oidc web client above will still work, but if you add oidc.local (pointing to 127.0.0.1) in your hosts file you can also start it with:

CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://oidc.local:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v2/example/client/app

Note: Usernames are suffixed with the hostname (test-user@localhost or [email protected])

Features

Relying party OpenID Provider Specification
Code Flow yes yes OpenID Connect Core 1.0, Section 3.1
Implicit Flow no1 yes OpenID Connect Core 1.0, Section 3.2
Hybrid Flow no not yet OpenID Connect Core 1.0, Section 3.3
Client Credentials not yet yes OpenID Connect Core 1.0, Section 9
Refresh Token yes yes OpenID Connect Core 1.0, Section 12
Discovery yes yes OpenID Connect Discovery 1.0
JWT Profile yes yes RFC 7523
PKCE yes yes RFC 7636
Token Exchange yes yes RFC 8693
Device Authorization yes yes RFC 8628
mTLS not yet not yet RFC 8705

Contributors

Screen with contributors' avatars from contrib.rocks

Made with contrib.rocks.

Resources

For your convenience you can find the relevant guides linked below.

Supported Go Versions

For security reasons, we only support and recommend the use of one of the latest two Go versions (✅).
Versions that also build are marked with ⚠️.

Version Supported
<1.18
1.18 ⚠️
1.19
1.20

Why another library

As of 2020 there are not a lot of OIDC library's in Go which can handle server and client implementations. ZITADEL is strongly committed to the general field of IAM (Identity and Access Management) and as such, we need solid frameworks to implement services.

Goals

Other Go OpenID Connect libraries

https://github.com/coreos/go-oidc

The go-oidc does only support RP and is not feasible to use as OP that's why we could not rely on go-oidc

https://github.com/ory/fosite

We did not choose fosite because it implements OAuth 2.0 on its own and does not rely on the golang provided package. Nonetheless this is a great project.

License

The full functionality of this library is and stays open source and free to use for everyone. Visit our website and get in touch.

See the exact licensing terms here

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an " AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Footnotes

  1. https://github.com/zitadel/oidc/issues/135#issuecomment-950563892

More Repositories

1

zitadel

ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
Go
3,994
star
2

passwap

Package passwap provides a unified implementation between different password hashing algorithms. It allows for easy swapping between algorithms, using the same API for all of them.
Go
47
star
3

zitadel-go

ZITADEL Go - The official client library of ZITADEL for an easy integration into your Go project.
Go
35
star
4

zitadel-charts

This repository contains Helm charts for running ZITADEL in Kubernetes
Go
22
star
5

saml

A SAML 2.0 server (IdP) implementation written for Go
Go
17
star
6

zitadel-examples

DEPRECATED ⛔: Examples how to integrate different languages and frameworks with ZITADEL
TypeScript
16
star
7

terraform-provider-zitadel

Official Terraform provider for ZITADEL
Go
13
star
8

zitadel-tools

Go
13
star
9

example-symfony-oidc

Example Symfony PHP app
PHP
13
star
10

actions

ZITADEL Actions - Easy extensibility with custom code. Think GitHub Actions in an Identity System.
12
star
11

example-api-python3-flask

Example Python3 + Flask API for authentication and authorization with ZITADEL
Python
9
star
12

typescript

A typescript monorepo build with [turbo](https://turbo.build/) and [Changesets](https://github.com/changesets/changesets)
TypeScript
9
star
13

react-user-authentication

This is the React sample used in the ZITADEL quick start guide.
JavaScript
8
star
14

examples-api-access-and-token-introspection

Python examples for securing an API and invoking it as a service user
Python
7
star
15

zitadel-nextjs

This is our ZITADEL [Next.js](https://nextjs.org/) template. If shows how to authenticate as a user and retrieve user information from the OIDC endpoint.
TypeScript
7
star
16

zitadel-nextjs-b2b

Showcase the use of personal access tokens in a B2B environment. Uses NextJS Framework.
TypeScript
7
star
17

example-quote-generator-app

A simple web application using a React front-end and a Python back-end API, both secured using ZITADEL.
Python
6
star
18

zitadel-java

Java
6
star
19

homebrew-tap

Ruby
4
star
20

example-python-django-oidc

Example Python Django OIDC Web
Python
4
star
21

zitadel-angular

This is our ZITADEL [Angular](https://angular.io/) template. If shows how to authenticate as a user and retrieve user information from the OIDC endpoint.
TypeScript
3
star
22

zitadel_flutter

This project is a starting point for a Flutter application with ZITADEL integration. It runs on Android, IOS and web
C++
3
star
23

example-fine-grained-authorization

Leverage actions, custom metadata, and claims for attribute-based access control
Python
3
star
24

example-python-django-oauth

Example Python Django OAuth API
Python
3
star
25

example-apache2

Minimum ZITADEL integration with Apache2
Dockerfile
1
star