Repository files navigation

This project is an easy-to-use client (RP) and server (OP) implementation for theOIDC (OpenID Connect) standard written forGo.

The RP is certified for thebasic andconfig profile.

Whenever possible we tried to reuse / extend existing packages likeOAuth2 for Go.

The most important packages of the library:

/pkg    /client            clients using the OP for retrieving, exchanging and verifying tokens        /rp            definition and implementation of an OIDC Relying Party (client)        /rs            definition and implementation of an OAuth Resource Server (API)    /op                definition and implementation of an OIDC OpenID Provider (server)    /oidc              definitions shared by clients and server/example    /client/api        example of an api / resource server implementation using token introspection    /client/app        web app / RP demonstrating authorization code flow using various authentication methods (code, PKCE, JWT profile)    /client/github     example of the extended OAuth2 library, providing an HTTP client with a reuse token source    /client/service    demonstration of JWT Profile Authorization Grant    /server            examples of an OpenID Provider implementations (including dynamic) with some very basic login UI

This package usessemver forreleases. Major releases ship breaking changes. Starting with thev2 tov3 increment we provide anupgrade guide to ease migration to a newer version.

Check the/example folder where example code for different scenarios is located.

# start oidc op server# oidc discovery http://localhost:9998/.well-known/openid-configurationgo run github.com/zitadel/oidc/v3/example/server# start oidc web client (in a new terminal)CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v3/example/client/app

• openhttp://localhost:9999/login in your browser
• you will be redirected to op server and the login UI
• login with usertest-user@localhost and passwordverysecure
• the OP will redirect you to the client app, which displays the user info

for the dynamic issuer, just start it with:

go run github.com/zitadel/oidc/v3/example/server/dynamic

the oidc web client above will still work, but if you addoidc.local (pointing to 127.0.0.1) in your hosts file you can also start it with:

CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://oidc.local:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v3/example/client/app

Note: Usernames are suffixed with the hostname (test-user@localhost ortest-user@oidc.local)

Example server allows extra configuration using environment variables and could be used for end toend testing of your services.

Here is json equivalent for one of the default users

{"id2": {"ID":"id2","Username":"test-user2","Password":"verysecure","FirstName":"Test","LastName":"User2","Email":"test-user2@zitadel.ch","EmailVerified":true,"Phone":"","PhoneVerified":false,"PreferredLanguage":"DE","IsAdmin":false  }}

Made withcontrib.rocks.

For your convenience you can find the relevant guides linked below.

• OpenID Connect Core 1.0 incorporating errata set 1
• OIDC/OAuth Flow in Zitadel (using this library)

For security reasons, we only support and recommend the use of one of the latest two Go versions (:white_check_mark:).Versions that also build are marked with :warning:.

As of 2020 there are not a lot ofOIDC library's inGo which can handle server and client implementations. ZITADEL is strongly committed to the general field of IAM (Identity and Access Management) and as such, we need solid frameworks to implement services.

• Certify this library as OP

https://github.com/coreos/go-oidc

Thego-oidc does only supportRP and is not feasible to use asOP that's why we could not rely ongo-oidc

https://github.com/ory/fosite

We did not choosefosite because it implementsOAuth 2.0 on its own and does not rely on the golang provided package. Nonetheless this is a great project.

The full functionality of this library is and stays open source and free to use for everyone. Visitourwebsite and get in touch.

See the exact licensing termshere

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specificlanguage governing permissions and limitations under the License.