Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/OpenIDC/liboauth2

OAuth 2.x and OpenID Connect C library
https://github.com/OpenIDC/liboauth2

c oauth oauth2 openid-connect

Last synced: 3 days ago
JSON representation

OAuth 2.x and OpenID Connect C library

Host: GitHub
URL: https://github.com/OpenIDC/liboauth2
Owner: OpenIDC
License: apache-2.0
Created: 2019-03-22T14:03:06.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2025-01-30T11:16:06.000Z (3 days ago)
Last Synced: 2025-01-30T11:19:35.634Z (3 days ago)
Topics: c, oauth, oauth2, openid-connect
Language: C
Homepage:
Size: 755 KB
Stars: 107
Watchers: 5
Forks: 26
Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: LICENSE
- Authors: AUTHORS

Awesome Lists containing this project

README

        [![Build Status](https://github.com/OpenIDC/liboauth2/actions/workflows/build.yml/badge.svg)](https://github.com/OpenIDC/liboauth2/actions/workflows/build.yml)

[![Architectures Status](https://github.com/OpenIDC/liboauth2/actions/workflows/archs.yml/badge.svg)](https://github.com/OpenIDC/liboauth2/actions/workflows/archs.yml)

[![CodeQL Analysis](https://github.com/OpenIDC/liboauth2/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OpenIDC/liboauth2/actions/workflows/codeql-analysis.yml)

# liboauth2

Generic library to build C-based OAuth 2.x and OpenID Connect servers and clients e.g. web-server plugins.

## Overview

- extends [cjose](https://github.com/OpenIDC/cjose) into OAuth 2.x and OpenID Connect specific claims, secrets, and hashes

- adds OAuth 2.x and OpenID Connect protocols by abstracting HTTP requests and responses from web server implementation specifics

- reusable code across other OAuth 2.x and REST related protocols

  e.g. token exchange with endpoint authentication, source token retrieval, target pass settings etc.

- generic code with plugins for Apache, NGINX, and possibly more (e.g. Envoy, HA Proxy, IIS)

- configurable cache backend/size/options per cache element type

- cookie-based session management (i.e. enforce inactivity timeout, expiry)

## Features

- [OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0.html)

- OAuth 2.0 Resource Owner Password Credentials ([RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.3))

- OAuth 2.0 Token Introspection ([RFC 7662](https://tools.ietf.org/html/rfc7662))

- JWT bearer token validation using JWK, JWKS URI, shared symmetric key, X.509 cert, and RSA public key ([RFC 6750](https://tools.ietf.org/html/rfc6750))

- OAuth 2.0 Authorization Server Metadata ([RFC 8414](https://tools.ietf.org/html/rfc8414))

- Proof Key for Code Exchange (PKCE) by OAuth Public Clients ([RFC 7636](https://tools.ietf.org/html/rfc7636))

- OAuth 2.0 Mutual-TLS (MTLS) Certificate-Bound Access Tokens ([RFC 8705](https://tools.ietf.org/html/rfc8705))

- OAuth 2.0 Demonstrating Proof of Possession (DPoP) ([RFC9449](https://tools.ietf.org/html/rfc9449))

- Amazon ALB [EC key URL based `x-amzn-oidc-data` JWT verification](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html)

- endpoint authentication methods: `client_secret_basic`, `client_secret_post`, [`client_secret_jwt`, `private_key_jwt`](https://tools.ietf.org/html/rfc7523), [TLS client certificate](https://tools.ietf.org/id/draft-ietf-oauth-mtls), and HTTP basic authentication

- configurable cache backends: shared memory, file-based, memcache, and Redis

- retrieving a token from a header, a query parameter, a post parameter, or a cookie

- setting a token as a header, a query parameter, a post parameter, or a cookie

- Apache and NGINX bindings

## Dependencies

liboauth2 depends on the following libraries:

- [`openssl`](https://www.openssl.org/) for SSL and crypto support

- [`libcurl`](https://curl.haxx.se/libcurl/) for HTTP client support

- [`jansson`](http://www.digip.org/jansson/) for JSON parsing

- [`cjose`](https://github.com/OpenIDC/cjose) for JSON Object Signing and Encryption (JOSE) support

- (optional) [`libmemcached`](https://libmemcached.org) for memcache cache backend support

- (optional) [`libhiredis`](https://github.com/redis/hiredis) for Redis cache backend support

- (optional) [`Apache 2.x`](https://httpd.apache.org/) for Apache 2.x bindings support

- (optional) [`NGINX`](https://nginx.org) for NGINX bindings support

- (optional, build time only) [`check`](https://libcheck.github.io/check/) for unit test support

## Support

### Community Support

See [Frequently Asked Questions](https://github.com/OpenIDC/liboauth2/wiki) on the Wiki.  

Ask questions in the [Discussions](https://github.com/OpenIDC/liboauth2/discussions) tracker.

### Commercial Support

For commercial support contracts, professional services, training, and use-case specific support, contact [OpenIDC](https://www.openidc.com) at:

[[email protected]](mailto:[email protected])

Disclaimer

----------

*This software is open sourced by OpenIDC. For commercial support

you can contact [OpenIDC](https://www.openidc.com) as described above in the [Support](#support) section.*