{"id":25524775,"url":"https://github.com/i-core/werther","last_synced_at":"2026-01-14T14:14:27.873Z","repository":{"id":41117542,"uuid":"190165365","full_name":"i-core/werther","owner":"i-core","description":"An Identity Provider for ORY Hydra over LDAP","archived":false,"fork":false,"pushed_at":"2022-10-19T15:58:42.000Z","size":2426,"stargazers_count":157,"open_issues_count":3,"forks_count":34,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-14T19:38:57.014Z","etag":null,"topics":["active-directory","authentication","hydra","identity","ldap","oauth2","openid-connect","security"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/i-core.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-06-04T08:56:40.000Z","updated_at":"2025-07-16T20:47:53.000Z","dependencies_parsed_at":"2023-01-19T21:41:54.584Z","dependency_job_id":null,"html_url":"https://github.com/i-core/werther","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/i-core/werther","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i-core%2Fwerther","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i-core%2Fwerther/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i-core%2Fwerther/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i-core%2Fwerther/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/i-core","download_url":"https://codeload.github.com/i-core/werther/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/i-core%2Fwerther/sbom","scorecard":{"id":476052,"data":{"date":"2025-08-11","repo":{"name":"github.com/i-core/werther","commit":"67c2253acd3d986bc8dbf729b9d3c2a13f73691d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":6,"reason":"Found 12/18 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:6","Info: 0 out of 1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.2.1 not signed: https://api.github.com/repos/i-core/werther/releases/40697750","Warn: release artifact v1.1.1 not signed: https://api.github.com/repos/i-core/werther/releases/21831207","Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/i-core/werther/releases/21148136","Warn: release artifact v1.0.1 not signed: https://api.github.com/repos/i-core/werther/releases/19104222","Warn: release artifact v1.2.1 does not have provenance: https://api.github.com/repos/i-core/werther/releases/40697750","Warn: release artifact v1.1.1 does not have provenance: https://api.github.com/repos/i-core/werther/releases/21831207","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/i-core/werther/releases/21148136","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/i-core/werther/releases/19104222"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2020-0049 / GHSA-5x84-q523-vvwr","Warn: Project is vulnerable to: GO-2025-3683 / GHSA-w9hf-35q4-vcjw","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T15:20:10.967Z","repository_id":41117542,"created_at":"2025-08-19T15:20:10.967Z","updated_at":"2025-08-19T15:20:10.967Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28422430,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T13:30:50.153Z","status":"ssl_error","status_checked_at":"2026-01-14T13:29:08.907Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","authentication","hydra","identity","ldap","oauth2","openid-connect","security"],"created_at":"2025-02-19T20:05:34.966Z","updated_at":"2026-01-14T14:14:27.844Z","avatar_url":"https://github.com/i-core.png","language":"Go","funding_links":[],"categories":["Archived, Outdated, and WIP"],"sub_categories":["Ory Fosite"],"readme":"# Werther \u003csup\u003e[1](#myfootnote1)\u003c/sup\u003e\n\n[![GoDoc][doc-img]][doc] [![Build Status][build-img]][build] [![codecov][codecov-img]][codecov] [![Go Report Card][goreport-img]][goreport]\n\nWerther is an Identity Provider for [ORY Hydra][hydra] over [LDAP][ldap].\nIt implements [Login And Consent Flow][hydra-login-consent] and provides basic UI.\n\n![screenshot](.github/media/screenshot.gif)\n\n**Features**\n- Support [Active Directory][ad];\n- Mapping LDAP attributes to OpenID Connect claims;\n- Mapping LDAP groups to user roles;\n- OAuth 2.0 scopes;\n- Caching users roles;\n- UI customization.\n\n**Limitations**\n- Werther grants all requested permissions to a client without displaying the consent page;\n- Werther confirms a logout request without displaying the logout confirmation page.\n\n**Requirements**\n\nORY Hydra v1.0.0-rc.12 or higher.\n\n**Table of Contents**\n\u003c!-- To generate the table use the command \"npx doctoc --maxlevel 2 README.md\" --\u003e\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n\n- [Installing](#installing)\n- [Configuration](#configuration)\n- [User roles](#user-roles)\n- [UI customization](#ui-customization)\n- [Example](#example)\n- [Resources](#resources)\n- [Footnotes](#footnotes)\n- [Contributing](#contributing)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Installing\n\n### From Docker\n\n```bash\ndocker pull icoreru/werther\n```\n\n### From sources\n\n```bash\ngo install ./...\n```\n\n## Configuration\n\nThe application is configured via environment variables.\nNames of the environment variables starts with prefix `WERTHER_`.\nSee a list of the environment variables using the command:\n\n```\nwerther -h\n```\n\n## User roles\n\nIn LDAP user's roles are groups in which a user is a member.\n\nThe environment variable `WERTHER_LDAP_ROLE_BASEDN` is a DN for searching roles.\n\nFor example, create an OU that repserents an application, and then in the created OU\ncreate groups that represent application's roles:\n\n```\ndc=com\n|-- dc=example\n |-- ou=AppRoles\n |-- ou=App1\n |-- cn=app1_role1 (objectClass=\"group\", description=\"role1\")\n |-- cn=app1_role2 (objectClass=\"group\", description=\"role2\")\n```\n\nRun Werther with the environment variable `WERTHER_LDAP_ROLE_BASEDN`\nthat equals to `ou=AppRoles,dc=example,dc=com`.\n\nIn the above example Werther returns user's roles as a value\nof the user role's claim `https://github.com/i-core/werther/claims/roles`.\n\n```json\n{\n \"https://github.com/i-core/werther/claims/roles\": {\n \"App1\": [\"role1\", \"role2\"],\n }\n}\n```\n\nTo customize the roles claim's name you should set a value of the environment variable `WERTHER_LDAP_ROLE_CLAIM`.\nAlso you should map the custom name of the roles' claim to a roles's scope using the environment variable\n`WERTHER_IDENTP_CLAIM_SCOPES` (the name must be [URL encoded][uri-spec-encoding]):\n\n```bash\nenv WERTHER_LDAP_ROLE_CLAIM=https://my-company.com/claims/roles \\\n WERTHER_IDENTP_CLAIM_SCOPES=name:profile,family_name:profile,given_name:profile,email:email,https%3A%2F%2Fmy-company.com%2Fclaims%2Froles:roles \\\n werther\n```\n\nFor more details about claims naming see [OpenID Connect Core 1.0][oidc-spec-additional-claims].\n\n**NB** There are cases when we need to create several roles with the same name in LDAP.\nFor example, when we want to configure multiple applications or several environments for the same application.\n\n```\ndc=com\n|-- dc=example\n |-- ou=AppRoles\n |-- ou=Test\n |-- ou=App1\n |-- cn=test_app1_role1 (objectClass=\"group\", description=\"role1\")\n |-- cn=test_app1_role2 (objectClass=\"group\", description=\"role2\")\n |-- ou=App2\n |-- cn=test_app2_role1 (objectClass=\"group\",description-\"role1\")\n |-- cn=test_app2_role2 (objectClass=\"group\",description-\"role2\")\n |-- ou=Dev\n |-- ou=App1\n |-- cn=dev_app1_role1 (objectClass=\"group\", description=\"role1\")\n |-- cn=dev_app1_role3 (objectClass=\"group\", description=\"role3\")\n |-- ou=App2\n |-- cn=dev_app2_role1 (objectClass=\"group\",description-\"role1\")\n |-- cn=dev_app2_role4 (objectClass=\"group\",description-\"role4\")\n```\n\nActive Directory requires unique CNs in a domain. But in Active Directory\ncreating groups with the same CN in different OUs is difficult.\nBecause of it, Werther uses a LDAP attribute as a role's name instead of CN.\nA name of a LDAP attribute is specified using the environment variable `WERTHER_LDAP_ROLE_ATTR`,\nand has the default value `description`.\n\nIn the above example, Werther returns a response that contains the next roles:\n* when the environment variable `WERTHER_LDAP_ROLE_BASEDN` equals to `ou=Test,ou=AppRoles,dc=example,dc=com`:\n ```json\n {\n \"https://github.com/i-core/werther/claims/roles\": {\n \"App1\": [\"role1\", \"role2\"],\n \"App2\": [\"role1\", \"role2\"]\n }\n }\n ```\n* when the environment variable `WERTHER_LDAP_ROLE_BASEDN` equals to `ou=Dev,ou=AppRoles,dc=example,dc=com`:\n ```json\n {\n \"https://github.com/i-core/werther/claims/roles\": {\n \"App1\": [\"role1\", \"role3\"],\n \"App2\": [\"role1\", \"role4\"]\n }\n }\n ```\n\nIf your applications expect the roles claim to be an array of strings, for example Concourse or Argo CD,\nyou can add groups to claims using with the environment variable `WERTHER_LDAP_FLAT_ROLE_CLAIMS`.\nWhen it is true Werther add corresponding claims for all the apps as an array of roles.\n\nExample 1:\n\nWERTHER_LDAP_FLAT_ROLE_CLAIMS=false\n\n```json\n{\n \"https://github.com/i-core/werther/claims/roles\": {\n \"App1\": [\"role1\", \"role2\"],\n \"App2\": [\"role3\", \"role4\"]\n }\n}\n```\n\nExample 2:\n\nWERTHER_LDAP_FLAT_ROLE_CLAIMS=true\n\n```json\n{\n \"https://github.com/i-core/werther/claims/roles\": {\n \"App1\": [\"role1\", \"role2\"],\n \"App2\": [\"role3\", \"role4\"]\n },\n \"https://github.com/i-core/werther/claims/roles/App1\": [\"role1\", \"role2\"],\n \"https://github.com/i-core/werther/claims/roles/App2\": [\"role3\", \"role4\"]\n}\n```\n\n## UI customization\n\nWerther uses the Go templates to render UI pages.\nTo customize the UI you should create a directory that contains UI pages' templates.\nAfter that you should set the directory path to the environment variable `WERTHER_WEB_DIR`.\n\n### Custom login page\n\nA login page's template must be a Go template. The template has access to data conforming the next JSON-schema:\n\n```yaml\ntype: object\nproperties:\n - WebBasePath:\n description: The base path of the login page\n type: string\n - LangPrefs:\n description: The user language preferences (the parsed value of the header Accept-Language)\n type: array\n items:\n type: object\n properties:\n - Lang:\n description: The language canonical name.\n type: string\n - Weight:\n description: The language weight.\n type: number\n required:\n - Lang\n - Weight\n - Data:\n type: object\n properties:\n - CSRFToken:\n description: A CSRF token.\n type: string\n - Challenge:\n description: A login challenge ID.\n type: string\n - LoginURL:\n description: An endpoint that finishes the login process.\n type: string\n - IsInvalidCredentials:\n description: Specifies that a user types an invalid username or password.\n type: boolean\n - IsInternalError:\n description: Specifies that an internal server error happens when finishing the login process.\n type: boolean\n required:\n - CSRFToken\n - Challenge\n - LoginURL\n - IsInvalidCredentials\n - IsInternalError\nrequired:\n - WebBasePath\n - LangPrefs\n - Data\n```\n\nWhen a login page's template contains static resources (like styles, scripts, and images)\nthey must be placed in a subdirectory called `static`.\n\nFor a full example of a login page's template see [source code](internal/web/templates).\n\n### Custom login page (old format)\n\n*The old template format is also supported but it will be removed in the future major release.*\n\nA login page's template should contains blocks `title`, `style`, `script`, `content`.\nEach block has access to data conforming the next JSON-schema:\n\n```yaml\ntype: object\nproperties:\n - CSRFToken:\n description: A CSRF token.\n type: string\n - Challenge:\n description: A login challenge ID.\n type: string\n - LoginURL:\n description: An endpoint that finishes the login process.\n type: string\n - IsInvalidCredentials:\n description: Specifies that a user types an invalid username or password.\n type: boolean\n - IsInternalError:\n description: Specifies that an internal server error happens when finishing the login process.\n type: boolean\nrequired:\n - CSRFToken\n - Challenge\n - LoginURL\n - IsInvalidCredentials\n - IsInternalError\n```\n\nWhen a login page's template contains static resources (like styles, scripts, and images)\nthey must be placed in a subdirectory called `static`.\n\nFor a full example of a login page's template see [source code](internal/web/templates).\n\n## Example\n\n1. Create file `ldap.ldif`:\n ```\n dn: uid=kolya_gerasyimov,ou=Users,dc=example,dc=com\n objectClass: inetOrgPerson\n cn: Kolya Gerasyimov\n sn: Gerasyimov\n uid: kolya_gerasyimov\n userPassword: 123\n mail: kolya_gerasyimov@example.com\n ou: Users\n\n dn: ou=AppRoles,dc=example,dc=com\n objectClass: organizationalunit\n ou: AppRoles\n description: AppRoles\n\n dn: ou=App1,ou=AppRoles,dc=example,dc=com\n objectClass: organizationalunit\n ou: App1\n description: App1\n\n dn: cn=traveler,ou=App1,ou=AppRoles,dc=example,dc=com\n objectClass: groupofnames\n cn: traveler\n description: traveler\n member: uid=kolya_gerasyimov,ou=Users,dc=example,dc=com\n ```\n\n2. Create file `docker-compose.yml`:\n ```yaml\n version: \"3\"\n services:\n hydra-client:\n image: oryd/hydra:v1.0.0-rc.12\n environment:\n HYDRA_ADMIN_URL: http://hydra:4445\n command:\n - clients\n - create\n - --skip-tls-verify\n - --id\n - test-client\n - --secret\n - test-secret\n - --response-types\n - id_token,token,\"id_token token\"\n - --grant-types\n - implicit\n - --scope\n - openid,profile,email,roles\n - --callbacks\n - http://localhost:3000\n - --post-logout-callbacks\n - http://localhost:3000/post-logout-callback\n networks:\n - hydra-net\n deploy:\n restart_policy:\n condition: none\n depends_on:\n - hydra\n healthcheck:\n test: [\"CMD\", \"curl\", \"-f\", \"http://hydra:4445\"]\n interval: 10s\n timeout: 10s\n retries: 10\n hydra:\n image: oryd/hydra:v1.0.0-rc.12\n environment:\n URLS_SELF_ISSUER: http://localhost:4444\n URLS_SELF_PUBLIC: http://localhost:4444\n URLS_LOGIN: http://localhost:8080/auth/login\n URLS_CONSENT: http://localhost:8080/auth/consent\n URLS_LOGOUT: http://localhost:8080/auth/logout\n WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles\n WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number,https://github.com/i-core/werther/claims/roles\n DSN: memory\n command: serve all --dangerous-force-http\n networks:\n - hydra-net\n ports:\n - \"4444:4444\"\n - \"4445:4445\"\n deploy:\n restart_policy:\n condition: on-failure\n depends_on:\n - werther\n werther:\n image: icoreru/werther:v1.1.1\n environment:\n WERTHER_IDENTP_HYDRA_URL: http://hydra:4445\n WERTHER_LDAP_ENDPOINTS: ldap:389\n WERTHER_LDAP_BINDDN: cn=admin,dc=example,dc=com\n WERTHER_LDAP_BINDPW: password\n WERTHER_LDAP_BASEDN: \"dc=example,dc=com\"\n WERTHER_LDAP_ROLE_BASEDN: \"ou=AppRoles,dc=example,dc=com\"\n networks:\n - hydra-net\n ports:\n - \"8080:8080\"\n deploy:\n restart_policy:\n condition: on-failure\n depends_on:\n - ldap\n ldap:\n image: pgarrett/ldap-alpine\n volumes:\n - \"./ldap.ldif:/ldif/ldap.ldif\"\n networks:\n - hydra-net\n ports:\n - \"389:389\"\n deploy:\n restart_policy:\n condition: on-failure\n networks:\n hydra-net:\n ```\n\n3. Run the command:\n ```bash\n docker stack deploy -c docker-compose.yml auth\n ```\n\n4. Open the browser with http://localhost:4444/oauth2/auth?client_id=test-client\u0026response_type=token\u0026scope=openid%20profile%20email%20roles\u0026state=12345678.\n\n## Resources\n\n- [Introduction to ORY Hydra, OAuth 2.0, and OpenID Connect][hydra-doc];\n- [ORY Hydra: Integrating with (existing) User Management][hydra-login-consent];\n- [ORY Hydra: Configuration][hydra-doc-config];\n- [ORY Hydra: Official User Login \u0026 Consent Example][hydra-login-consent-example];\n- [OpenID Connect Core 1.0][oidc-spec-core];\n- [OpenID Connect Session Management 1.0][oidc-spec-session];\n- [OpenID Connect Front-Channel Logout 1.0][oidc-spec-front-channel-logout];\n- [OpenID Connect Back-Channel Logout 1.0][oidc-spec-back-channel-logout].\n\n## Footnotes\n\n1. \u003ca name=\"myfootnote1\"\u003e\u003c/a\u003e Werther is named after robot Werther from [Guest from the Future](https://en.wikipedia.org/wiki/Guest_from_the_Future).\n\n## Contributing\n\nThanks for your interest in contributing to this project.\nGet started with our [Contributing Guide][contrib].\n\n## License\n\nThe code in this project is licensed under [MIT license][license].\n\n[doc-img]: https://godoc.org/github.com/i-core/werther?status.svg\n[doc]: https://godoc.org/github.com/i-core/werther\n\n[build-img]: https://travis-ci.com/i-core/werther.svg?branch=master\n[build]: https://travis-ci.com/i-core/werther\n\n[codecov-img]: https://codecov.io/gh/i-core/werther/branch/master/graph/badge.svg\n[codecov]: https://codecov.io/gh/i-core/werther\n\n[goreport-img]: https://goreportcard.com/badge/github.com/i-core/werther\n[goreport]: https://goreportcard.com/report/github.com/i-core/werther\n\n[contrib]: https://github.com/i-core/.github/blob/master/CONTRIBUTING.md\n[license]: LICENSE\n\n[ldap]: https://ldap.com/\n[ad]: https://docs.microsoft.com/ru-ru/windows/desktop/AD/active-directory-domain-services\n\n[hydra]: https://www.ory.sh/\n[hydra-doc]: https://www.ory.sh/docs/hydra/\n[hydra-login-consent]: https://www.ory.sh/docs/hydra/oauth2\n[hydra-login-consent-example]: https://github.com/ory/hydra-login-consent-node\n[hydra-doc-config]: https://www.ory.sh/docs/hydra/configuration\n\n[oidc-spec-core]: https://openid.net/specs/openid-connect-core-1_0.html\n[oidc-spec-additional-claims]: https://openid.net/specs/openid-connect-core-1_0.html#AdditionalClaims\n[oidc-spec-session]: https://openid.net/specs/openid-connect-session-1_0.html\n[oidc-spec-front-channel-logout]: https://openid.net/specs/openid-connect-frontchannel-1_0.html\n[oidc-spec-back-channel-logout]: https://openid.net/specs/openid-connect-backchannel-1_0.html\n\n[uri-spec-encoding]: https://tools.ietf.org/html/rfc3986#section-2\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fi-core%2Fwerther","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fi-core%2Fwerther","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fi-core%2Fwerther/lists"}