{"id":15563315,"url":"https://github.com/jveverka/iam-service","last_synced_at":"2025-04-23T23:16:06.337Z","repository":{"id":52577491,"uuid":"244428832","full_name":"jveverka/iam-service","owner":"jveverka","description":"Simple OAuth2/OpenID-connect authentication and authorization server.","archived":false,"fork":false,"pushed_at":"2021-10-29T22:01:25.000Z","size":3405,"stargazers_count":27,"open_issues_count":4,"forks_count":12,"subscribers_count":2,"default_branch":"2.x.x","last_synced_at":"2025-04-23T23:15:56.209Z","etag":null,"topics":["aarch64","graviton","iam","iam-service","identity-management","identity-provider","jwt","mongodb","oauth2","oauth2-authentication","oauth2-provider","oauth2-server","openid","openid-server","pkce","redis","spring-method-security","spring-security","spring-security-jwt","spring-security-oauth2"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jveverka.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-02T17:12:19.000Z","updated_at":"2025-03-26T16:01:29.000Z","dependencies_parsed_at":"2022-08-24T09:00:15.877Z","dependency_job_id":null,"html_url":"https://github.com/jveverka/iam-service","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jveverka%2Fiam-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jveverka%2Fiam-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jveverka%2Fiam-service/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jveverka%2Fiam-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jveverka","download_url":"https://codeload.github.com/jveverka/iam-service/tar.gz/refs/heads/2.x.x","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250528900,"owners_count":21445519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aarch64","graviton","iam","iam-service","identity-management","identity-provider","jwt","mongodb","oauth2","oauth2-authentication","oauth2-provider","oauth2-server","openid","openid-server","pkce","redis","spring-method-security","spring-security","spring-security-jwt","spring-security-oauth2"],"created_at":"2024-10-02T16:21:28.807Z","updated_at":"2025-04-23T23:16:06.299Z","avatar_url":"https://github.com/jveverka.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Java11](https://img.shields.io/badge/java-11-blue)](https://img.shields.io/badge/java-11-blue)\n[![Gradle](https://img.shields.io/badge/gradle-v6.5-blue)](https://img.shields.io/badge/gradle-v6.5-blue)\n![Build and Test](https://github.com/jveverka/iam-service/workflows/Build%20and%20Test/badge.svg)\n[![Maven Central](https://img.shields.io/badge/maven%20central-release-green.svg)](https://search.maven.org/search?q=one.microproject.iamservice)\n[![Maintainability 
Rating](https://sonarcloud.io/api/project_badges/measure?project=jveverka_iam-service\u0026metric=sqale_rating)](https://sonarcloud.io/dashboard?id=jveverka_iam-service)\n\n# IAM service - OAuth2 server\nReally simple standalone *Identity Access Management* (IAM) service, [OAuth2](https://tools.ietf.org/html/rfc6749) authentication and authorization server. \nProject is compliant with subset of [OpenID-connect](https://openid.net/specs/openid-connect-core-1_0.html) \nand [OAuth2](https://tools.ietf.org/html/rfc6749) and [other](https://github.com/jveverka/iam-service#rfcs-and-specifications) related specifications. \n\n* Please check [__User's Guide__](docs/IAM-user-manual/README.md) and [__Examples__](iam-examples) for more details.\n* Check [__Docker Hub releases__](https://hub.docker.com/r/jurajveverka/iam-service).\n  ```\n  docker run -d -p 8080:8080 jurajveverka/iam-service:2.5.10-RELEASE\n  curl 'http://localhost:8080/services/discovery'\n  curl 'http://localhost:8080/services/oauth2/iam-admins/iam-admins/.well-known/openid-configuration'\n  ```\n* OpenAPI documentation: ``http://localhost:8080/swagger-ui/index.html?url=/v3/api-docs#/``  \n* Deploy into [__kubernetes cluster__](docs/k8s-deployments). \n\n## Modes of deployment\n![deployments](docs/iam-service-deployments.svg)\n\n1. Unit test deployments, rapid deployments, replicas=1.\n2. Simple use, single JSON file as database, replicas=1.\n3. Single instance deployments, replicas\u003e1.\n4. Cluster deployments, docker or kubernetes, replicas\u003e1.\n\n## Features \u0026 Mission\n* [x] Provide minimalistic, simple and small OAuth2/OIDC identity server. \n* [x] Self-Contained IAM management - clients, users, credentials, permission and roles.\n* [x] JWTs issued for authenticated clients and user-agents.\n* [x] Back Channels for JWT verification - backend libraries for resource servers. 
\n* [x] Small memory footprint - __iam-service__ (32Mb JVM heap)\n* [x] Small build size - __iam-service__ (single jar: ~40Mb, docker: ~190Mb)\n* [x] Seamless integrations with [spring framework](https://spring.io/) - check [examples](iam-examples).\n* [x] In memory or [Redis](https://redis.io/) backed caches.\n* [x] Data model stored in memory, single JSON file or [MongoDB](https://www.mongodb.com/).\n\n## Supported OAuth2 flows\n* [x] __Authorization Code__ - [flow details](docs/oauth2/131_authorization-code-flow.md).\n* [x] __Authorization Code (With PKCE)__ - [flow details](docs/oauth2/131_authorization-code-flow.md).\n* [x] __Password Credentials__ - [flow details](docs/oauth2/133_password-credentials-flow.md).\n* [x] __Client Credentials__ - [flow details](docs/oauth2/134_client-credentials-flow.md).\n* [x] __Refresh Token__ - [flow detail](docs/oauth2/15_refresh-tokens-flow.md).\n\n## Architecture\n![architecture](docs/IAM-service-architecture-simple.svg)\n1. Front channels.\n2. Back channels.   \n[Architecture details](docs/IAM-architecture-details.md).\n\n### Components\n* [__iam-service__](iam-service) - [SpringBoot](https://spring.io/projects/spring-boot) IAM as microservice (standalone authorization and authentication server). \n* [__iam-client__](iam-common/iam-client) - client library for back channel integrations with other microservices (resource-servers). 
\n* [__iam-service-client__](iam-common/iam-service-client) - client library for remote administration of iam-service (resource-servers).\n* [__iam-client-spring__](iam-common/iam-client-spring) - easier integrations for springboot microservices.\n* [__iam-examples__](iam-examples) - examples of how to use and integrate with IAM-service.\n\n## REST endpoints \n* [__Authorization / Authentication APIs__](docs/apis/IAM-authorization-and-authentication-apis.md) - login flows, issuing JWT, revoking JWT.\n* [__Admin APIs__](docs/apis/IAM-admin-apis.md) - manage organization / project / users and credentials.\n* [__Back-Channel APIs__](docs/apis/IAM-back-channel-apis.md) - discover organization / project / user configuration, get public keys.\n* [__Swagger and Actuator APIs__](docs/apis/IAM-swagger-and-actuator-links.md)\n\n### Technical documentation\n* [Security Rules](docs/IAM-user-manual/IAM-Service-Security-Model.md) - accessing APIs.\n* [Internal Data Model](docs/IAM-data-model.md) - internal data model description and glossary.\n* [JWT mappings](docs/JWT-mapping-details.md) - mapping details between data model and issued JWT.\n* [Project build \u0026 test instructions](docs/IAM-build-test.md) - how to build this project locally.\n\n#### RFCs and Specifications\n* [RFC6749](https://tools.ietf.org/html/rfc6749) - OAuth 2.0 Authorization Framework\n* [RFC7009](https://tools.ietf.org/html/rfc7009) - OAuth 2.0 Token Revocation  \n* [RFC7662](https://tools.ietf.org/html/rfc7662) - OAuth 2.0 Token Introspection\n* [RFC6750](https://tools.ietf.org/html/rfc6750) - OAuth 2.0 Bearer Token Usage\n* [RFC8414](https://tools.ietf.org/html/rfc8414) - OAuth 2.0 Authorization Server Metadata\n* [RFC7636](https://tools.ietf.org/html/rfc7636) - OAuth 2.0 Proof Key for Code Exchange by OAuth Public Clients (PKCE) \n* [RFC7519](https://tools.ietf.org/html/rfc7519) - JSON Web Token (JWT)\n* [RFC7517](https://tools.ietf.org/html/rfc7517) - JSON Web Key (JWK)\n* 
[OpenID](https://openid.net/specs/openid-connect-core-1_0.html) - OpenID Connect Core 1.0\n* [References](docs/references.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjveverka%2Fiam-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjveverka%2Fiam-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjveverka%2Fiam-service/lists"}