This repository will explain you about:
- How to create an Authentication Server and then use ory/hydra as Authorization server
- How to implement "Sign With {put-your-app-name}" for single identity management for your app. This exactly the same as building "Sign Up using Google" or similar services for your own app.
Clone this repository. Then run go mod download.
This will run using Postgres as database and Jaeger as a tracing vendor.
$ docker-compose upThis will create an OAUTH2 client using hydra cli. Otherwise, you can also create using REST API.
$ docker-compose exec hydra hydra clients create \
--endpoint http://127.0.0.1:4445/ \
--name MyApp \
--id myclient \
--secret mysecret \
--grant-types authorization_code,refresh_token \
--response-types code,id_token \
--callbacks http://localhost:1234/callbacks \
--token-endpoint-auth-method client_secret_post \
--scope offline,users.write,users.read,users.edit,users.deleteor
curl -X POST 'http://localhost:4445/clients' \
-H 'Content-Type: application/json' \
--data-raw '{
"client_id": "myclient",
"client_name": "MyApp",
"client_secret": "mysecret",
"grant_types": ["authorization_code", "refresh_token"],
"redirect_uris": ["http://localhost:1234/callbacks"],
"response_types": ["code", "id_token"],
"scope": "offline users.write users.read users.edit users.delete",
"token_endpoint_auth_method": "client_secret_post"
}'Please note scope is separated by space.
If you made wrong request params, you cannot create with the same client id, You must delete it first by doing this:
docker-compose exec hydra hydra clients delete --endpoint http://127.0.0.1:4445/ <client-id>or
curl -X DELETE 'http://localhost:4445/clients/<client-id>'
$ go run cmd/authc/main.go$ REDIRECT_URL=http://localhost:1234/callbacks CLIENT_ID=myclient CLIENT_SECRET=mysecret go run cmd/frontend/main.goAccess http://localhost:1234 then try to authorize the application.
$ go get -u github.com/shuLhan/go-bindata/...
$ go-bindata -o views/view.go -ignore=view.go views/...