This project is a easy to use client (RP) and server (OP) implementation for the OIDC (Open ID Connect) standard written for Go.
The RP is certified for the basic and config profile.
Whenever possible we tried to reuse / extend existing packages like OAuth2 for Go.
Check the /example folder where example code for different scenarios is located.
| Code Flow | Implicit Flow | Hybrid Flow | Discovery | PKCE | Token Exchange | mTLS | JWT Profile | Refresh Token | |
|---|---|---|---|---|---|---|---|---|---|
| Relaying Party | yes | yes | not yet | yes | yes | partial | not yet | yes | yes |
| Origin Party | yes | yes | not yet | yes | yes | not yet | not yet | yes | yes |
For your convenience you can find the relevant standards linked below.
- OpenID Connect Core 1.0 incorporating errata set 1
- Proof Key for Code Exchange by OAuth Public Clients
- OAuth 2.0 Token Exchange
- OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
| Version | Supported |
|---|---|
| <1.13 | ❌ |
| 1.14 | ✅ |
| 1.15 | ✅ |
| 1.16 | ✅ |
| 1.17 | ✅ |
As of 2020 there are not a lot of OIDC library's in Go which can handle server and client implementations. CAOS is strongly committed to the general field of IAM (Identity and Access Management) and as such, we need solid frameworks to implement services.