74 lines
4 KiB
Markdown
74 lines
4 KiB
Markdown
# OpenID Connect SDK (client and server) for Go
|
|
|
|
[](https://github.com/semantic-release/semantic-release)
|
|
[](https://github.com/caos/oidc/actions)
|
|
[](https://github.com/caos/oidc/blob/master/LICENSE)
|
|
[](https://github.com/caos/oidc/releases)
|
|
[](https://goreportcard.com/report/github.com/caos/oidc)
|
|
[](https://codecov.io/gh/caos/oidc)
|
|
|
|
> This project is in beta state. It can AND will continue breaking until version 1.0.0 is released
|
|
|
|
## What Is It
|
|
|
|
This project is a easy to use client and server implementation for the `OIDC` (Open ID Connect) standard written for `Go`.
|
|
|
|
Whenever possible we tried to reuse / extend existing packages like `OAuth2 for Go`.
|
|
|
|
## How To Use It
|
|
|
|
Check the `/example` folder where example code for different scenarios is located.
|
|
|
|
## Features
|
|
|
|
| | Code Flow | Implicit Flow | Hybrid Flow | Discovery | PKCE | Token Exchange | mTLS | JWT Profile | Refresh Token |
|
|
|----------------|-----------|---------------|-------------|-----------|------|----------------|---------|-------------|---------------|
|
|
| Relaying Party | yes | yes | not yet | yes | yes | partial | not yet | yes | yes |
|
|
| Origin Party | yes | yes | not yet | yes | yes | not yet | not yet | yes | yes |
|
|
|
|
### Resources
|
|
|
|
For your convenience you can find the relevant standards linked below.
|
|
|
|
- [OpenID Connect Core 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-core-1_0.html)
|
|
- [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)
|
|
- [OAuth 2.0 Token Exchange](https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-19)
|
|
- [OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://tools.ietf.org/html/draft-ietf-oauth-mtls-17)
|
|
- [JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://tools.ietf.org/html/rfc7523)
|
|
|
|
## Supported Go Versions
|
|
|
|
| Version | Supported |
|
|
|---------|--------------------|
|
|
| <1.13 | :x: |
|
|
| 1.14 | :white_check_mark: |
|
|
| 1.15 | :white_check_mark: |
|
|
| 1.16 | :white_check_mark: |
|
|
| 1.17 | :white_check_mark: |
|
|
|
|
## Why another library
|
|
|
|
As of 2020 there are not a lot of `OIDC` library's in `Go` which can handle server and client implementations. CAOS is strongly committed to the general field of IAM (Identity and Access Management) and as such, we need solid frameworks to implement services.
|
|
|
|
### Goals
|
|
|
|
- [Certify this library as RP](https://openid.net/certification/#RPs)
|
|
- [Certify this library as OP](https://openid.net/certification/#OPs)
|
|
|
|
### Other Go OpenID Connect library's
|
|
|
|
[https://github.com/coreos/go-oidc](https://github.com/coreos/go-oidc)
|
|
|
|
The `go-oidc` does only support `RP` and is not feasible to use as `OP` that's why we could not rely on `go-oidc`
|
|
|
|
[https://github.com/ory/fosite](https://github.com/ory/fosite)
|
|
|
|
We did not choose `fosite` because it implements `OAuth 2.0` on its own and does not rely in the golang provided package. Nonetheless this is a great project.
|
|
|
|
## License
|
|
|
|
The full functionality of this library is and stays open source and free to use for everyone. Visit our [website](https://caos.ch) and get in touch.
|
|
|
|
See the exact licensing terms [here](./LICENSE)
|
|
|
|
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
|