# Basic OIDC [![Build Status](https://drone.communiquons.org/api/badges/pierre/BasicOIDC/status.svg)](https://drone.communiquons.org/pierre/BasicOIDC) Basic & lightweight OpenID provider, written in Rust using the Actix framework. **WARNING :** This tool has not been audited, use it at your own risks! BasicOIDC operates without any database, just with two files : * `clients.yaml`: a list of authorized relying parties. * `users.json`: a list of users, managed through a web UI. You can configure a list of clients (Relying Parties) in a `clients.yaml` file with the following syntax : ```yaml - id: gitea name: Gitea description: Git with a cup of tea secret: TOP_SECRET redirect_uri: https://mygit.mywebsite.com/ # If you want new accounts to be granted access to this client by default default: true # If you want the client to be granted to every users, regardless their account configuration granted_to_all_users: true ``` On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials. In order to run BasicOIDC for development, you will need to create a least an empty `clients.yaml` file inside the storage directory. Features : * [x] `authorization_code` flow * [x] Client authentication using secrets * [x] Bruteforce protection * [x] 2 factor authentication * [x] TOTP (authenticator app) * [x] Using a security key (Webauthn) * [ ] Fully responsive webui * [x] `robots.txt` prevents indexing ## Compiling You will need the Rust toolchain to compile this project. To build it for production, just run: ```bash cargo build --release ``` ## Testing with OAauth proxy If you want to test the solution with OAuth proxy, you can try to adapt the following command (considering `192.168.2.103` is your local IP address): ```bash docker run --rm -p 4180:4180 quay.io/oauth2-proxy/oauth2-proxy:latest --provider=oidc --email-domain=* --client-id=oauthproxy --client-secret=secretoauth --cookie-secret=SECRETCOOKIE1234 --oidc-issuer-url=http://192.168.2.103.nip.io:8000 --http-address 0.0.0.0:4180 --upstream http://192.168.2.103 --redirect-url http://192.168.2.103:4180/oauth2/callback --cookie-secure=false ``` Corresponding client configuration: ```yaml - id: oauthproxy name: Oauth proxy description: oauth proxy secret: secretoauth redirect_uri: http://192.168.2.103:4180/ ``` ## Contributing If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :)