Skip to content

🔏 📃PhoenixDOMString🚀SAMkenXEcosystemPMUXSystemDAVID0authQuMoLSIMCpythonSAMkenXCCorEngINEuTrinoMORALFunction Optimized Algo Auth2.0, Standard Docs genetion for Decentralized Authentication and Verification of Identity and device with location also add binary special tasks functions features MORAL

License

Notifications You must be signed in to change notification settings

samkenxstream/SAMkenX0auth2DAVID

Repository files navigation

Build Status Architectures Status CodeQL Analysis

liboauth2

Generic library to build C-based OAuth 2.x and OpenID Connect servers and clients e.g. web-server plugins.

Overview

  • extends cjose into OAuth 2.x and OpenID Connect specific claims, secrets, and hashes
  • adds OAuth 2.x and OpenID Connect protocols by abstracting HTTP requests and responses from web server implementation specifics
  • reusable code across other OAuth 2.x and REST related protocols e.g. token exchange with endpoint authentication, source token retrieval, target pass settings etc.
  • generic code with plugins for Apache, NGINX, and possibly more (e.g. Envoy, HA Proxy, IIS)
  • configurable cache backend/size/options per cache element type
  • cookie-based session management (i.e. enforce inactivity timeout, expiry)

Features

  • OpenID Connect 1.0
  • OAuth 2.0 Resource Owner Password Credentials (RFC 6749)
  • OAuth 2.0 Token Introspection (RFC 7662)
  • JWT bearer token validation using JWK, JWKS URI, shared symmetric key, X.509 cert, and RSA public key (RFC 6750)
  • OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • Proof Key for Code Exchange (PKCE) by OAuth Public Clients (RFC 7636)
  • OAuth 2.0 Mutual-TLS (MTLS) Certificate-Bound Access Tokens (RFC 8705)
  • OAuth 2.0 Demonstration of Proof-of-Possession (DPoP) at the Application Layer (Internet-Draft)
  • Amazon ALB EC key URL based x-amzn-oidc-data JWT verification
  • endpoint authentication methods: client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt, TLS client certificate, and HTTP basic authentication
  • configurable cache backends: shared memory, file-based, memcache, and Redis
  • retrieving a token from a header, a query parameter, a post parameter, or a cookie
  • setting a token as a header, a query parameter, a post parameter, or a cookie
  • Apache and NGINX bindings

Dependencies

liboauth2 depends on the following libraries:

  • openssl for SSL and crypto support
  • libcurl for HTTP client support
  • jansson for JSON parsing
  • cjose for JSON Object Signing and Encryption (JOSE) support
  • (optional) libmemcached for memcache cache backend support
  • (optional) libhiredis for Redis cache backend support
  • (optional) Apache 2.x for Apache 2.x bindings support
  • (optional) NGINX for NGINX bindings support
  • (optional, build time only) check for unit test support

Support

Community Support

See Frequently Asked Questions on the Wiki.
Ask questions in the Discussions tracker.

Commercial Support

For commercial support contracts, professional services, training, and use-case specific support, contact OpenIDC at: [email protected]

Disclaimer

This software is open sourced by OpenIDC. For commercial support you can contact OpenIDC as described above in the Support section.

About

🔏 📃PhoenixDOMString🚀SAMkenXEcosystemPMUXSystemDAVID0authQuMoLSIMCpythonSAMkenXCCorEngINEuTrinoMORALFunction Optimized Algo Auth2.0, Standard Docs genetion for Decentralized Authentication and Verification of Identity and device with location also add binary special tasks functions features MORAL

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages