{"id":27263000,"url":"https://github.com/deiu/webid-rsa","last_synced_at":"2025-06-25T19:32:41.419Z","repository":{"id":144208575,"uuid":"92443845","full_name":"deiu/webid-rsa","owner":"deiu","description":"WebID-RSA authentication library in Go","archived":false,"fork":false,"pushed_at":"2017-06-02T17:14:51.000Z","size":54,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-11T05:58:33.906Z","etag":null,"topics":["auth","crypto","go","golang","webid"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deiu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-05-25T20:56:53.000Z","updated_at":"2023-09-26T14:43:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"8a085fb8-9bc6-48ff-9dcc-d5f9167aeb4e","html_url":"https://github.com/deiu/webid-rsa","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/deiu/webid-rsa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deiu%2Fwebid-rsa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deiu%2Fwebid-rsa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deiu%2Fwebid-rsa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deiu%2Fwebid-rsa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deiu","download_url":"https://codeload.github.com/deiu/webid-rsa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deiu%2Fwebid-rsa/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261940736,"owners_count":23233591,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","crypto","go","golang","webid"],"created_at":"2025-04-11T05:58:32.494Z","updated_at":"2025-06-25T19:32:41.408Z","avatar_url":"https://github.com/deiu.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# webid-rsa\n[![](https://img.shields.io/badge/project-Solid-7C4DFF.svg?style=flat-square)](https://github.com/solid/solid)\n[![Build Status](https://travis-ci.org/deiu/webid-rsa.svg?branch=master)](https://travis-ci.org/deiu/webid-rsa)\n[![Coverage Status](https://coveralls.io/repos/github/deiu/webid-rsa/badge.svg?branch=master)](https://coveralls.io/github/deiu/webid-rsa?branch=master)\n\n\nWebID-RSA authentication library in Go\n\n# Install\n```\ngo get -u github.com/deiu/webid-rsa\n```\n\n# Example\n\n```golang\npackage main\n\nimport (\n\t\"net/http\"\n\t\"github.com/deiu/webid-rsa\"\n)\n\nfunc main() {\n\thandler := http.NewServeMux()\n\n\thandler.Handle(\"/admin\", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {\n\t\tuser := \"\"\n\t\tauthz := req.Header.Get(\"Authorization\")\n\t\tif len(authz) \u003e 0 {\n\t\t\tuser, _ = webidrsa.Authenticate(req)\n\t\t}\n\t\tif len(user) == 0 {\n\t\t\tauthn := webidrsa.NewAuthenticateHeader(req)\n\t\t\tw.Header().Set(\"WWW-Authenticate\", authn)\n\t\t\tw.WriteHeader(401)\n\t\t\treturn\n\t\t}\n\n\t\tw.Write([]byte(user))\n\t\tw.WriteHeader(200)\n\t\treturn\n\t}))\n\n\thttp.ListenAndServe(\":8888\", handler)\n}\n```\n\n# Protocol details\n\nWebID-RSA is somewhat similar to [WebID-TLS](https://www.w3.org/2005/Incubator/webid/spec/tls/), in that a public RSA key is published in the WebID profile, and the user will sign a token with the corresponding private key that matches the public key in the profile.\n\nThe client receives a secure token from the server, which it signs and then sends back to the server. The implementation of WebID-RSA is similar to [Digest\naccess authentication](https://tools.ietf.org/html/rfc2617) in HTTP, in that it\nreuses similar headers.\n\nHere is a step by step example that covers the authentication handshake.\n\nFirst, a client attempts to access a protected resource at\n`https://example.org/data/`.\n\nREQUEST:\n\n```\nGET /data/ HTTP/1.1\nHost: example.org\n```\n\nRESPONSE:\n\n```\nHTTP/1.1 401 Unauthorized\nWWW-Authenticate: WebID-RSA source=\"example.org\", nonce=\"somethingSecure\"\n```\n\nNext, the client sets the username value to the user's WebID and signs the\n`SHA1` hash of the concatenated value of **source + username + nonce** before\nresending the request. The signature must use the `PKCS1v15` standard and it\nmust be `base64` encoded.\n\nIt is important that clients return the proper source value they received from\nthe server, in order to avoid man-in-the-middle attacks on non-HTTPS connections. Also note that the server must send it's own URI (**source**) together with the token, otherwise a [MitM](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) can forward the claim to the client; the server will also expect that clients return the same server URI.\n\nREQUEST:\n\n```\nGET /data/ HTTP/1.1\nHost: example.org\nAuthorization: WebID-RSA source=\"example.org\",\n                         username=\"https://alice.example.org/card#me\",\n                         nonce=\"somethingSecure\",\n                         sig=\"base64(sig(SHA1(SourceUsernameNonce)))\"\n```\n\nRESPONSE:\n\n```\nHTTP/1.1 200 OK\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeiu%2Fwebid-rsa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeiu%2Fwebid-rsa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeiu%2Fwebid-rsa/lists"}