mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-12-31 20:42:31 +00:00
020fcb9878
This commit adds OpenID Connect (OIDC) provider functionality to tinyauth, allowing it to act as an OIDC identity provider for other applications. Features: - OIDC discovery endpoint at /.well-known/openid-configuration - Authorization endpoint for OAuth 2.0 authorization code flow - Token endpoint for exchanging authorization codes for tokens - ID token generation with JWT signing - JWKS endpoint for public key distribution - Support for PKCE (code challenge/verifier) - Nonce validation for ID tokens - Configurable OIDC clients with redirect URIs, scopes, and grant types Validation: - Docker Compose setup for local testing - OIDC test client (oidc-whoami) with session management - Nginx reverse proxy configuration - DNS server (dnsmasq) for custom domain resolution - Chrome launch script for easy testing Configuration: - OIDC configuration in config.yaml - Example configuration in config.example.yaml - Database migrations for OIDC client storage
37 lines
823 B
YAML
37 lines
823 B
YAML
appUrl: "http://auth.example.com"
|
|
logLevel: "info"
|
|
databasePath: "/data/tinyauth.db"
|
|
|
|
auth:
|
|
users: "user:$2b$12$mWEdxub8KTTBLK/f7dloKOS4t3kIeLOpme5pMXci5.lXNPANjCT5u" # user:pass
|
|
secureCookie: false
|
|
sessionExpiry: 3600
|
|
loginTimeout: 300
|
|
loginMaxRetries: 3
|
|
|
|
oidc:
|
|
enabled: true
|
|
issuer: "http://auth.example.com"
|
|
accessTokenExpiry: 3600
|
|
idTokenExpiry: 3600
|
|
clients:
|
|
testclient:
|
|
clientSecret: "test-secret-123"
|
|
clientName: "OIDC Test Client"
|
|
redirectUris:
|
|
- "http://client.example.com/callback"
|
|
- "http://localhost:8765/callback"
|
|
- "http://127.0.0.1:8765/callback"
|
|
grantTypes:
|
|
- "authorization_code"
|
|
responseTypes:
|
|
- "code"
|
|
scopes:
|
|
- "openid"
|
|
- "profile"
|
|
- "email"
|
|
|
|
ui:
|
|
title: "Tinyauth OIDC Test"
|
|
|