{"id":39542298,"url":"https://github.com/deepzz0/oidc","last_synced_at":"2026-01-18T06:37:52.108Z","repository":{"id":65349690,"uuid":"473491602","full_name":"deepzz0/oidc","owner":"deepzz0","description":"Golang OAuth2/OIDC Server Library.","archived":false,"fork":false,"pushed_at":"2023-02-13T11:47:24.000Z","size":330,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-01T00:25:42.111Z","etag":null,"topics":["idaas","oauth2","openid-connect","server"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deepzz0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-24T06:59:55.000Z","updated_at":"2023-06-04T16:40:08.000Z","dependencies_parsed_at":"2024-06-20T07:19:25.805Z","dependency_job_id":"683b1e25-cb7f-4bed-8ec0-a1be69bb6a77","html_url":"https://github.com/deepzz0/oidc","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/deepzz0/oidc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepzz0%2Foidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepzz0%2Foidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepzz0%2Foidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepzz0%2Foidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deepzz0","download_url":"https://codeload.github.com/deepzz0/oidc/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepzz0%2Foidc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28531997,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["idaas","oauth2","openid-connect","server"],"created_at":"2026-01-18T06:37:52.017Z","updated_at":"2026-01-18T06:37:52.092Z","avatar_url":"https://github.com/deepzz0.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"#  oidc\nGolang OAuth2/OIDC Server Library.\n\n![OpenIDConnect-Map-4Feb2014.png](./assets/OpenIDConnect-Map-4Feb2014.png)\n\n**Our goals:**\n\n- Security.\n- KISS.\n- Simple API.\n\n### Features\n\n- [ ] Grant Types Support:\n  - [x] Authorization Code\n  - [x] Refresh Token\n  - [x] Client Credentials\n  - [x] Password `Legacy`\n  - [x] Implicit Flow `Legacy`\n  - [ ] Assertion:\n    - [ ]  JWT Bearer\n    - [ ] Token Exchange\n    - [ ] SAML2 Bearer\n    - [ ] Device Code\n- [x] PKCE For Public Cilents: `plain`, `S256`\n- [ ] Session Management:\n  - [x] Check Session\n  - [ ] End Session: `Front Channel`, `Back Channel`\n- [x] Token Revocation\n- [ ] Request Object\n- [ ] Dynamic Client Registration\n- [ ] Self Issued OP\n- [x] Known Scopes: `openid`, `email`, `profile`, `phone`, `address`, `offline_access`\n- [x] Token Type Support: `Bearer`, `JWT`\n- [x] ID Token Signing Algo: `HS256`, `RS256`, `ES256`\n- [x] Client Auth Method:  `client_secret_basic`, `client_secret_post`\n- [x] Hybrid Response Type: `code`, `token`, `id_token`\n- [x] Response Mode Support: `query`, `fragment`, `form_post`\n\nHave fun!\n\n### Building\n\nThis library uses Go modules and uses semantic versioning. Building is done with the `go` tool, so the following should work:\n\n```\ngo get github.com/deepzz0/oidc\n```\n\n### Examples\n\nA short \"how to use the API\" is at the beginning of doc.go (this also will show when you call `godoc github.com/deepzz0/oidc`).\n\nExample programs can be found in the [Examples](https://github.com/deepzz0/oidc/tree/master/examples) repository.\n\n### RFCs\n\n*Try our best, see https://oauth.net/specs/ and  https://openid.net/developers/specs/.*\n\n**OAuth2:**\n\n* [6749](https://www.rfc-editor.org/rfc/rfc6749) - OAuth 2.0 Authorization Framework\n* [6750](http://tools.ietf.org/html/rfc6750) - OAuth 2.0 Authorization Framework: Bearer Token Usage\n* [6755](https://www.rfc-editor.org/rfc/rfc6755) - An IETF URN Sub-Namespace for OAuth\n* [6819](https://www.rfc-editor.org/rfc/rfc6819) - OAuth 2.0 Threat Model and Security Considerations\n* [7009](http://tools.ietf.org/html/rfc7009) - OAuth 2.0 Token Revocation\n* [7519](https://tools.ietf.org/html/rfc7519) - JSON Web Token (JWT)\n* [7521](https://www.rfc-editor.org/rfc/rfc7521.html) - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants\n* [7522](https://www.rfc-editor.org/rfc/rfc7522) - SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants\n* [7523](https://www.rfc-editor.org/rfc/rfc7523.html) - JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants\n* [7591](https://www.rfc-editor.org/rfc/rfc7591) - OAuth 2.0 Dynamic Client Registration Protocol\n* [7592](https://www.rfc-editor.org/rfc/rfc7592) - OAuth 2.0 Dynamic Client Registration Management Protocol\n* [7636](http://tools.ietf.org/html/rfc7636) - Proof Key for Code Exchange by OAuth Public Clients `PKCE`\n* [7662](https://www.rfc-editor.org/rfc/rfc7662) - OAuth 2.0 Token Introspection\n* [7800](https://www.rfc-editor.org/rfc/rfc7800) - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)\n* [8176](https://www.rfc-editor.org/rfc/rfc8176) - Authentication Method Reference Values\n* [8252](http://tools.ietf.org/html/rfc8252) - OAuth 2.0 for Native Apps\n* [8414](https://www.rfc-editor.org/rfc/rfc8414) - OAuth 2.0 Authorization Server Metadata\n* [8628](https://www.rfc-editor.org/rfc/rfc8628) - OAuth 2.0 Device Authorization Grant\n* [8693](https://datatracker.ietf.org/doc/html/rfc8693) - OAuth 2.0 Token Exchange\n* [8705](https://tools.ietf.org/html/rfc8705) - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens\n* [8707](https://www.rfc-editor.org/rfc/rfc8707) - Resource Indicators for OAuth 2.0\n* [8725](https://www.rfc-editor.org/rfc/rfc8725) - JSON Web Token Best Current Practices\n* [9101](https://www.rfc-editor.org/rfc/rfc9101) - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)\n* [9126](https://datatracker.ietf.org/doc/html/rfc9126) - OAuth 2.0 Pushed Authorization Requests\n* [9207](https://www.rfc-editor.org/rfc/rfc9207) - OAuth 2.0 Authorization Server Issuer Identification\n* [9278](https://www.rfc-editor.org/rfc/rfc9278) - JWK Thumbprint URI\n* [9608](https://datatracker.ietf.org/doc/html/rfc9068) - JWT Profile for OAuth 2.0 Access Tokens\n\n\n\n* [OAuth Parameters](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml)\n* [WebAuthn]([www.w3.org/TR/webauthn](https://www.w3.org/TR/webauthn/))\n\n**OIDC:**\n\n* [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)\n* [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html)\n* [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html)\n* [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html)\n* [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html)\n* [OpenID 2.0 to OpenID Connect Migration 1.0](https://openid.net/specs/openid-connect-migration-1_0.html)\n* [OpenID Connect RP-Initiated Logout 1.0](https://openid.net/specs/openid-connect-rpinitiated-1_0.html)\n* [OpenID Connect Session Management 1.0](https://openid.net/specs/openid-connect-session-1_0.html)\n* [OpenID Connect Front-Channel Logout 1.0](https://openid.net/specs/openid-connect-frontchannel-1_0.html)\n* [OpenID Connect Back-Channel Logout 1.0](https://openid.net/specs/openid-connect-backchannel-1_0.html)\n* [OpenID Connect Core Error Code unmet_authentication_requirements](https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html)\n* [Initiating User Registration via OpenID Connect 1.0](https://openid.net/specs/openid-connect-prompt-create-1_0.html)\n\nFAPI\n\n* [Financial-grade API Security Profile 1.0 - Part 1: Baseline](https://openid.net/specs/openid-financial-api-part-1-1_0.html)\n* [Financial-grade API Security Profile 1.0 - Part 2: Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html)\n* [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/oauth-v2-jarm.html)\n\nMODRNA\n\n* [OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0](https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html)\n\n**Optional follow experimental and draft Specs:**\n\n* [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)\n* [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps)\n* [OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)\n* [OAuth 2.0 Rich Authorization Requests](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar)\n* [OAuth 2.0 Incremental Authorization](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-incremental-authz)\n* [OAuth 2.0 Step-up Authentication Challenge Protocol](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-step-up-authn-challenge)\n* [OAuth 2.0 Client Discovery](https://www.ietf.org/archive/id/draft-looker-oauth-client-discovery-01.html)\n* [OAuth 2.1 Authorization Framework](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-07.html)\n* [OAuth 2.0 Step-up Authentication Challenge Protocol](https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-08.html)\n* [JWT Response for OAuth Token Introspection](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-introspection-response)\n* [HTTP Message Signatures](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures)\n* [Digest Fields](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-digest-headers)\n* [JSON Web Token (JWT) Embedded Tokens](https://www.ietf.org/archive/id/draft-yusef-oauth-nested-jwt-06.html)\n* [Cross-Device Flows: Security Best Current Practice](https://www.ietf.org/archive/id/draft-ietf-oauth-cross-device-security-00.html)\n* [Selective Disclosure for JWTs (SD-JWT)](https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-02.html)\n\n### OAuth 2.1?\n\nSee [https://oauth.net/2.1/](https://oauth.net/2.1/).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepzz0%2Foidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeepzz0%2Foidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepzz0%2Foidc/lists"}