{"id":23161445,"url":"https://github.com/tab/loki","last_synced_at":"2026-03-09T15:33:17.577Z","repository":{"id":267521011,"uuid":"895134874","full_name":"tab/loki","owner":"tab","description":"SSO \u0026 RBAC service for Smart-ID and Mobile-ID","archived":false,"fork":false,"pushed_at":"2025-06-01T20:05:21.000Z","size":1144,"stargazers_count":2,"open_issues_count":12,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-05T02:07:44.970Z","etag":null,"topics":["authentication","go","golang","mobile-id","rbac","smart-id","sso","sso-authentication"],"latest_commit_sha":null,"homepage":"https://tab.github.io/loki","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-27T16:11:28.000Z","updated_at":"2025-05-04T09:23:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"7d31ebfc-e00f-481f-889a-b385ea62e243","html_url":"https://github.com/tab/loki","commit_stats":null,"previous_names":["tab/loki"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tab/loki","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tab%2Floki","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tab%2Floki/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tab%2Floki/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tab%2Floki/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tab","download_url":"https://codeload.github.com/tab/loki/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tab%2Floki/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30301109,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T14:33:48.460Z","status":"ssl_error","status_checked_at":"2026-03-09T14:33:48.027Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","go","golang","mobile-id","rbac","smart-id","sso","sso-authentication"],"created_at":"2024-12-17T23:14:11.673Z","updated_at":"2026-03-09T15:33:17.554Z","avatar_url":"https://github.com/tab.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Loki\n\nSSO (Single Sign-On) service that provides user authentication functionality using `Smart-ID` and `Mobile-ID`.\nIt integrates with SK ID Solutions APIs and manages user roles, permissions, and scopes.\n\nDesigned to be easily integrated into microservices architectures and provides logging and telemetry for monitoring.\n\n## Key Features\n\n- Create and update user accounts, with role and scope assignments\n- Generate and validate JWT tokens\n- Authenticate users via `Smart-ID` and `Mobile-ID` through SK ID Solutions provider APIs\n- Comprehensive logging and telemetry support (OpenTelemetry) for easier monitoring and tracing\n- Easily integrate into a microservices architecture\n\n## Prerequisites\n\nBefore starting this application, you must have the loki-infrastructure running:\n\n```sh\ngit clone git@github.com/tab/loki-infrastructure.git\ncd loki-infrastructure\n\ndocker-compose up\n```\n\n## Setup and Configuration\n\n### Environment Variables\n\nUse `.env` files (e.g., `.env.development`) or provide environment variables for:\n\n- `DATABASE_DSN` for PostgreSQL\n- `REDIS_URI` for Redis\n- `SMART_ID_API_URL`, `MOBILE_ID_API_URL` and corresponding relying on party credentials\n- `TELEMETRY_URI` for OpenTelemetry\n\n### Generate Certificates and Keys\n\nBefore running the services, you need to generate certificates for mTLS and keys for JWT signing:\n\n#### JWT Signing Keys\n\n```sh\nmkdir -p certs/jwt\n\nopenssl genrsa -out certs/jwt/private.key 4096\nopenssl rsa -in certs/jwt/private.key -pubout -out certs/jwt/public.key\n```\n\n#### mTLS Certificates\n\n```sh\n# Generate CA\nopenssl genrsa -out certs/ca.key 4096\nopenssl req -new -x509 -key certs/ca.key -sha256 -subj '/CN=Loki CA' -out certs/ca.pem -days 3650\n\n# Generate Server Certificate\nopenssl genrsa -out certs/server.key 4096\nopenssl req -new -key certs/server.key -out certs/server.csr -config \u003c(\ncat \u003c\u003c-EOF\n[req]\ndefault_bits = 4096\nprompt = no\ndefault_md = sha256\nreq_extensions = req_ext\ndistinguished_name = dn\n\n[dn]\nCN = loki-backend\n\n[req_ext]\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = localhost\nDNS.2 = backend\nIP.1 = 127.0.0.1\nIP.2 = 0.0.0.0\nEOF\n)\n\nopenssl x509 -req -in certs/server.csr -CA certs/ca.pem -CAkey certs/ca.key -CAcreateserial -out certs/server.pem -days 825 -sha256 -extfile \u003c(\ncat \u003c\u003c-EOF\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = localhost\nDNS.2 = backend\nIP.1 = 127.0.0.1\nIP.2 = 0.0.0.0\nEOF\n)\n\n# Generate Client Certificate\nopenssl genrsa -out certs/client.key 4096\nopenssl req -new -key certs/client.key -out certs/client.csr -config \u003c(\ncat \u003c\u003c-EOF\n[req]\ndefault_bits = 4096\nprompt = no\ndefault_md = sha256\ndistinguished_name = dn\n\n[dn]\nCN = loki-backoffice\nEOF\n)\n\nopenssl x509 -req -in certs/client.csr -CA certs/ca.pem -CAkey certs/ca.key -CAcreateserial -out certs/client.pem -days 825 -sha256\n```\n\nFor more detailed information on certificates, see [Certificates Documentation](docs/certificates.md).\n\n### Database Migrations\n\nRun the following command to apply database migrations:\n\n```sh\nGO_ENV=development make db:drop db:create db:migrate\n```\n\n### Run application\n\n```sh\ndocker-compose build\ndocker-compose up\n```\n\n### Check health status\n\n```sh\ncurl -X GET http://localhost:8080/live\n```\n\n```sh\ncurl -X GET http://localhost:8080/ready\n```\n\n## Documentation\n\n[Documentation](https://tab.github.io/loki)\n\n## API Documentation\n\nSwagger file is available at [api/swagger.yaml](https://github.com/tab/loki/blob/master/api/swagger.yaml)\n\n## Related Repositories\n\n- [Loki Infrastructure](https://github.com/tab/loki-infrastructure) - Infrastructure setup for the Loki ecosystem\n- [Loki Backoffice](https://github.com/tab/loki-backoffice) - Backoffice service\n- [Loki Proto](https://github.com/tab/loki-proto) - Protocol buffer definitions\n- [Loki Frontend](https://github.com/tab/loki-frontend) - Frontend application\n- [Smart-ID Client](https://github.com/tab/smartid) - Smart-ID client used for authentication\n- [Mobile-ID Client](https://github.com/tab/mobileid) - Mobile-ID client used for authentication\n\n## Architecture\n\nThe application follows a layered architecture and clean code principles:\n\n- **cmd/loki**: Application entry point\n- **internal/app**: Core application logic, including services, controllers, repositories, and DTOs\n- **internal/config**: Configuration loading and setup, server startup, middleware, router initialization, and telemetry configuration\n- **pkg**: Reusable utilities such as JWT token handling and logging\n\n## License\n\nDistributed under the MIT License. See `LICENSE` for more information.\n\n## Acknowledgements\n\n- [SK ID Solutions](https://www.skidsolutions.eu/) for providing the Smart-ID and Mobile-ID APIs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftab%2Floki","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftab%2Floki","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftab%2Floki/lists"}