Add OIDC provider functionality with validation setup

This commit adds OpenID Connect (OIDC) provider functionality to tinyauth, allowing it to act as an OIDC identity provider for other applications. Features: - OIDC discovery endpoint at /.well-known/openid-configuration - Authorization endpoint for OAuth 2.0 authorization code flow - Token endpoint for exchanging authorization codes for tokens - ID token generation with JWT signing - JWKS endpoint for public key distribution - Support for PKCE (code challenge/verifier) - Nonce validation for ID tokens - Configurable OIDC clients with redirect URIs, scopes, and grant types Validation: - Docker Compose setup for local testing - OIDC test client (oidc-whoami) with session management - Nginx reverse proxy configuration - DNS server (dnsmasq) for custom domain resolution - Chrome launch script for easy testing Configuration: - OIDC configuration in config.yaml - Example configuration in config.example.yaml - Database migrations for OIDC client storage
2025-12-31 04:22:28 +00:00 · 2025-12-30 12:17:40 +01:00
parent 986ac88e14
commit 020fcb9878
21 changed files with 1873 additions and 8 deletions
--- a/internal/model/oidc_client_model.go
+++ b/internal/model/oidc_client_model.go
@@ -0,0 +1,18 @@
+package model
+
+type OIDCClient struct {
+	ClientID     string `gorm:"column:client_id;primaryKey"`
+	ClientSecret string `gorm:"column:client_secret"`
+	ClientName   string `gorm:"column:client_name"`
+	RedirectURIs string `gorm:"column:redirect_uris"` // JSON array
+	GrantTypes   string `gorm:"column:grant_types"`   // JSON array
+	ResponseTypes string `gorm:"column:response_types"` // JSON array
+	Scopes       string `gorm:"column:scopes"`         // JSON array
+	CreatedAt    int64  `gorm:"column:created_at"`
+	UpdatedAt    int64  `gorm:"column:updated_at"`
+}
+
+func (OIDCClient) TableName() string {
+	return "oidc_clients"
+}
+