{"id":39483350,"url":"https://github.com/michaelvl/oidc-oauth2-workshop","last_synced_at":"2026-01-18T05:17:44.536Z","repository":{"id":154041573,"uuid":"349671168","full_name":"michaelvl/oidc-oauth2-workshop","owner":"michaelvl","description":"Workshop with OIDC/OAuth2 client, identity provider and protected resource","archived":false,"fork":false,"pushed_at":"2023-12-17T15:40:44.000Z","size":657,"stargazers_count":1,"open_issues_count":5,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-12-17T16:39:21.601Z","etag":null,"topics":["oauth2","oidc"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/michaelvl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2021-03-20T08:40:57.000Z","updated_at":"2023-05-07T06:18:20.000Z","dependencies_parsed_at":"2023-05-19T20:01:04.266Z","dependency_job_id":null,"html_url":"https://github.com/michaelvl/oidc-oauth2-workshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"purl":"pkg:github/michaelvl/oidc-oauth2-workshop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelvl%2Foidc-oauth2-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelvl%2Foidc-oauth2-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelvl%2Foidc-oauth2-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelvl%2Foidc-oauth2-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owne
rs/michaelvl","download_url":"https://codeload.github.com/michaelvl/oidc-oauth2-workshop/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/michaelvl%2Foidc-oauth2-workshop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28530810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth2","oidc"],"created_at":"2026-01-18T05:17:43.942Z","updated_at":"2026-01-18T05:17:44.524Z","avatar_url":"https://github.com/michaelvl.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OIDC/OAuth2 Workshop\n\nThis repository contains an example implementation of an OIDC/OAuth2 client\n(confidential client), identity provider and protected resource.\n\nThe implementation is for educational purposes only and NOT suited for anything\nthat requires real security.\n\n## Usage\n\nSee below for how to start the client, identity provider and protected\nresource. This section presents a usage example.\n\nThe client is available at `http://localhost:5000`. Point your browser at this\nendpoint and you should see the following:\n\n\u003e ![Step 1](images/client-step1.png)\n\nThis is the initial login step. 
The `scope` input defines our desired scope of\nthe OIDC/OAuth2 tokens we will obtain through the identity provider. Scopes are\nspace separated strings and the client defaults to `openid profile`, which is\nthe standard for OIDC. The protected resource in this workshop only allows\naccess if the scope `http://localhost:5002/api` is included.\n\nWhen you select `Login`, you are redirected to the Identity\nprovider/Authorization server (IdP):\n\n\u003e ![Step 2](images/idp-step2.png)\n\nThe IdP combines authentication and authorization and does not implement real\nusers. Thus you can enter any username and use the password `valid`.\n\nWhen you select `Approve`, the IdP redirects your browser back to the client\nwhich completes the OIDC/OAuth2 negotiation. The client will show information\nabout the tokens it received:\n\n\u003e ![Step 3](images/client-step3.png)\n\nThe client supports reading the OIDC `userinfo` data from the IdP. The IdP will\nreturn additional information about the user if the access token includes the\n`profile` scope:\n\n\u003e ![Step 4 userinfo](images/client-step4.png)\n\nThe client also supports reading information from the protected resource\n(OAuth2). The protected resource will respond differently depending on whether\nthe token contains the scope `http://localhost:5002/api` or not. 
The following\nexample shows usage without the `api` scope:\n\n\u003e ![Step 4 API access](images/client-step4-api.png)\n\nThe IdP also provides an overview of active sessions at `http://localhost:5001/`\n\n\u003e ![IdP Active Sessions](images/idp-sessions.png)\n\n## Running the Components\n\nThe following commands will run the three components, client,\nidentity-provider/auth server and protected API as separate containers.\n\nUse the following command to run the identity provider/auth-server:\n\n```console\nmake run-idp\n```\n\nUse the following command to run the client using autoconfiguration\nfrom the identity provider:\n\n```console\nsource configs/oidc-autoconfig.sh localhost:5001\nmake run-client\n```\n\n\nUse the following command to run the protected API:\n\n```console\nsource configs/oidc-autoconfig.sh localhost:5001\nmake run-api\n```\n\n## Using Alternative Identity Providers\n\nRunning the components with the local identity provider/authorization\nserver is enabled with the following environment variables for the\nclient. These can be changed to refer to an external identity\nprovider. Alternatively, the script `configs/oidc-autoconfig.sh` can\nbe used with an OIDC identity provider supporting discovery.\n\n```\nexport OAUTH2_URL=http://localhost:5001/authorize\nexport OAUTH2_TOKEN_URL=http://localhost:5001/token\nexport OAUTH2_USERINFO_URL=http://localhost:5001/userinfo\nexport OIDC_END_SESSION_URL=http://localhost:5001/endsession\nexport OIDC_JWKS_URL=http://localhost:5001/.well-known/jwks.json\nexport CLIENT_ID=client-123-id\nexport CLIENT_SECRET=client-123-password\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichaelvl%2Foidc-oauth2-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmichaelvl%2Foidc-oauth2-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmichaelvl%2Foidc-oauth2-workshop/lists"}