BasicOIDC/README.md
Pierre Hubert d27c542e1f
Some checks failed
continuous-integration/drone/push Build is failing
Can grant a client to all users
2023-04-15 10:39:22 +02:00

1.8 KiB

Basic OIDC

Build Status

Basic & lightweight OpenID provider, written in Rust using the Actix framework.

WARNING : This tool has not been audited, use it at your own risks!

BasicOIDC operates without any database, just with two files :

  • clients.yaml: a list of authorized relying parties.
  • users.json: a list of users, managed through a web UI.

You can configure a list of clients (Relying Parties) in a clients.yaml file with the following syntax :

- id: gitea
  name: Gitea
  description: Git with a cup of tea
  secret: TOP_SECRET
  redirect_uri: https://mygit.mywebsite.com/
  # If you want new accounts to be granted access to this client by default
  default: true
  # If you want the client to be granted to every users, regardless their account configuration
  granted_to_all_users: true

On the first run, BasicOIDC will create a new administrator with credentials admin / admin. On first login you will have to change these default credentials.

In order to run BasicOIDC for development, you will need to create a least an empty clients.yaml file inside the storage directory.

Features :

  • authorization_code flow
  • Client authentication using secrets
  • Bruteforce protection
  • 2 factor authentication
    • TOTP (authenticator app)
    • Using a security key (Webauthn)
  • Fully responsive webui
  • robots.txt prevents indexing

Compiling

You will need the Rust toolchain to compile this project. To build it for production, just run:

cargo build --release

Contributing

If you wish to contribute to this software, feel free to send an email to contact@communiquons.org to get an account on my system, managed by BasicOIDC :)