{"id":21296921,"url":"https://github.com/reddec/oidc-login","last_synced_at":"2025-07-11T18:32:09.863Z","repository":{"id":154187338,"uuid":"631965683","full_name":"reddec/oidc-login","owner":"reddec","description":"simple and secure way to authorize your application with the OpenID Connect","archived":false,"fork":false,"pushed_at":"2023-09-23T07:04:40.000Z","size":34,"stargazers_count":33,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-02T11:02:02.510Z","etag":null,"topics":["golang","oauth2","oidc"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reddec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-24T12:40:20.000Z","updated_at":"2025-03-15T23:21:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"021d344c-2b45-4fae-94c6-71986974a83a","html_url":"https://github.com/reddec/oidc-login","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/reddec/oidc-login","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Foidc-login","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Foidc-login/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Foidc-login/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Foidc-login/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reddec","download_url":"https://codeload.github.com/reddec/oidc-login/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reddec%2Foidc-login/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264870464,"owners_count":23676240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","oauth2","oidc"],"created_at":"2024-11-21T14:30:59.907Z","updated_at":"2025-07-11T18:32:09.854Z","avatar_url":"https://github.com/reddec.png","language":"Go","readme":"# OIDC login\n\n[![license](https://img.shields.io/github/license/reddec/oidc-login.svg)](https://github.com/reddec/oidc-login)\n[![](https://godoc.org/github.com/reddec/oidc-login?status.svg)](http://godoc.org/github.com/reddec/oidc-login)\n\n\nWelcome to OIDC Login, a simple and secure way to authorize your application with the OpenID Connect (OIDC) protocol.\nOIDC is supported by most major platforms, including Okta, Google, Auth0, Keycloak, Authentik, and others.\n\nOpenID Connect\n([OIDC](https://auth0.com/docs/authenticate/protocols/openid-connect-protocol#:~:text=OpenID%20Connect%20(OIDC)%20is%20an,obtain%20basic%20user%20profile%20information))\nis a simple identity layer on top of the OAuth 2.0 protocol that allows clients to verify the\nidentity of the end-user based on the authentication performed by an authorization server. OIDC provides a standard way\nfor clients to authenticate users, and obtain basic user profile information.\n\nThe library supports\nboth [Client Credentials](https://auth0.com/docs/get-started/authentication-and-authorization-flow/client-credentials-flow)\n(M2M)\nand [Authorization Code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow)\nflow (UI).\n\n## Motivation\n\nWhile there are several alternatives available, such\nas [goth](https://github.com/markbates/goth), [authboss](https://github.com/volatiletech/authboss),\nand [auth](https://github.com/go-pkgz/auth), they all have similar flaws, including global state, being very\nopinionated, and having so-so support for OIDC.\n\nAt OIDC Login, we follow the UNIX-like idea of doing one thing, but doing it well. Our code is focused on being\nauditable, maintainable, and flexible as much as possible.\n\n## Usage\n\nCheckout [Go docs](https://pkg.go.dev/github.com/reddec/oidc-login) and [examples](examples).\n\nTo use OIDC Login, simply follow the code below:\n\n```go\npackage main\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\t\"github.com/reddec/oidc-login\"\n)\n\nfunc main() {\n\tauth, err := oidclogin.New(context.Background(), oidclogin.Config{\n\t\tIssuerURL:    \"https://some-idp.example.com\",\n\t\tClientID:     \"\u003cMY CLIENT ID\u003e\",\n\t\tClientSecret: \"\u003cMY SECRET\u003e\",\n\t})\n\tif err != nil {\n\t\tpanic(err) // handle it properly in production\n\t}\n\n\t// add secured route (or group)\n\thttp.Handle(\"/\", auth.SecureFunc(func(writer http.ResponseWriter, request *http.Request) {\n\t\ttoken := oidclogin.Token(request)\n\t\tname := oidclogin.User(token)\n\t\twriter.Header().Set(\"Content-Type\", \"text/html\")\n\t\t_, _ = writer.Write([]byte(\"\u003chtml\u003e\u003cbody\u003e\u003ch1\u003eHello, \" + name + \"\u003c/h1\u003e\u003c/body\u003e\u003c/html\u003e\"))\n\t}))\n\n\t// add callback prefixes\n\thttp.Handle(oidclogin.Prefix, auth)\n\t// ...\n}\n\n\n\n```\n\n## Notes to Admins\n\nHere are some notes for administrators to keep in mind while using OIDC Login:\n\n* Set the public server URL in case you cannot control `X-Forwarded-Host` and `X-Forwarded-Proto` headers by reverse\n  proxy.\n* Set persistent storage for sessions.\n* It is highly recommended to secure your application by OWASP recommended headers. Here is some code you can use to set\n  these headers:\n*\n\n```go\nfunc SetOWASPHeaders(writer http.ResponseWriter) {\n  writer.Header().Set(\"X-Frame-Options\", \"DENY\") // helps with click hijacking\n  writer.Header().Set(\"X-XSS-Protection\", \"1\")\n  writer.Header().Set(\"X-Content-Type-Options\", \"nosniff\") // helps with content-type substitution\n  writer.Header().Set(\"Referrer-Policy\", \"strict-origin-when-cross-origin\") // disables cross-origin requests \n}\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Foidc-login","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freddec%2Foidc-login","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freddec%2Foidc-login/lists"}