Easy to use OpenID Connect client and server library written for Go

• oidc

  16 1,218 9.0 Go

  Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation

  

Zitadel OIDC library code is very well-writen and informative.

Highly encourage everyone jump into source code and explore how IntrospectionResponse struct work with all related code around

https://github.com/zitadel/oidc/blob/main/pkg/oidc/introspec...

// IntrospectionResponse implements RFC 7662, section 2.2 and

// OpenID Connect Core 1.0, section 5.1 (UserInfo).

// https://www.rfc-editor.org/rfc/rfc7662.html#section-2.2.

// https://openid.net/specs/openid-connect-core-1_0.html#Standa....

type IntrospectionResponse struct {

• oidc-login

  2 31 4.8 Go

  simple and secure way to authorize your application with the OpenID Connect

Nice. Once upon a time we created something like this. https://github.com/reddec/oidc-login (Client only)

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• OpenID

  11 955 9.3 C

  OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x

  

otherwise connections would randomly drop. I was looking for other ways to make development a bit easier and also settled on mod_auth_openidc, which is an Apache module that lets it act like a Relying Party and handle lots of the heavy lifting (protecting endpoints, refreshing tokens etc.) for me, and lets me work with just a few headers that are passed to the protected resources: https://github.com/OpenIDC/mod_auth_openidc

It works, but I'm still not happy - I realize that there are many types of attacks that have historically been a problem and that certain OpenID Connect flows try to protect against, in addition to the fact that if I wrote my own security code it'd almost certainly be worse and have vulnerabilities (in the words of Eoin Woods: "Never invent security technology"), and it's a good thing to follow standards... but the whole thing is such a pain. Both OpenID Connect, Keycloak and configuring mod_auth_openidc.

Right now I'm moving permissions/roles from Keycloak back into the app DB, with references to the Keycloak user IDs, because I don't want to have to work with the Keycloak REST API every time I want to change what a user can or cannot do in the system, in addition to permissions which might only apply conditionally (one user might be related to multiple organizations, having different permissions in the context of each).

Regardless, it's nice that there are more pieces of software out there to choose from!

• oauth-proxy-example

  1 1 3.1 HTML

  Example of how to protect multiple applications behind SSO

While I think auth is hard it is still doable without having to become an expert when it comes to the details. I recently played around with oauth2proxy and nginx and got it working: https://github.com/layandreas/oauth-proxy-example

• kratos-selfservice-ui-node

  2 309 7.9 TypeScript
  

Kratos does have a reference UI implementation: https://github.com/ory/kratos-selfservice-ui-node

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Suggest a related project