go-sts is a Go-based implementation of a Security Token Service (STS) that supports OAuth2 flows. It is implemented as a PoC (Proof of Concept) and the service is built on top of the Fosite library, which provides a robust framework for OAuth2 and OpenID Connect.
The service supports the following OAuth2 grant types:
- Authorization Code Grant: Used for server-side applications where the client secret is kept confidential.
- Client Credentials Grant: Used for machine-to-machine communication where the client is also the resource owner.
```text
go-sts/
├── cmd/                          # Main entry point for the application
│   └── go-sts/
│       └── main.go               # Application entry point
├── internal/
│   ├── app/
│   │   └── app.go                # Application initialization and configuration
│   ├── configs/                  # Configuration management, including constants and loading environment variables
│   ├── lib/                      # Utility libraries
│   ├── middleware/               # Middleware for HTTP requests
│   │   └── ctxMiddleware.go      # Context middleware
│   ├── repository/
│   │   ├── client_repository/    # Client repository logic
│   │   ├── issuer_repository/    # Issuer repository logic
│   │   ├── session_repository/   # Session repository logic
│   │   └── user_repository/      # User repository logic
│   ├── routes/
│   │   └── oauth_routes.go       # OAuth2 related routes
│   ├── service/
│   │   ├── authentication_service/  # User authentication related services
│   │   └── oauth_provider/       # Fosite OAuth2 provider setup
│   ├── storage/                  # Fosite's storage interface implementation
│   └── templates/                # HTML templates for rendering
├── resources/                    # Resource files
├── setup/
│   └── testDB.go                 # Test database setup
├── client/                       # OAuth2 client for testing
├── docker-compose.yaml           # Docker Compose configuration
├── go.mod                        # Go module file
├── .env                          # Environment variables file
└── README.md                     # Project documentation
```
To run the project, you need to have the following installed:
- Go 1.18 or later
- PostgreSQL (for local development)
- Docker (for running PostgreSQL in a container)
1. Clone the repository:

   ```bash
   git clone https://github.com/sajitha-tj/go-sts.git
   cd go-sts
   ```

2. Set up the PostgreSQL database:

   - You can either set up PostgreSQL locally or use Docker to run a PostgreSQL container:

     ```bash
     docker compose up -d
     ```

   - This will start a PostgreSQL container with the database `go_sts` and user `postgres` with password `password`.

3. Set up the environment variables:

   - Create a `.env` file in the root directory and add the following variables:

     ```env
     PORT=8080
     DB_USERNAME=oauth
     DB_PASSWORD_FILE=/home/sajithaj/my-sts-project/go-sts/resources/db_password
     DB_NAME=oauthdb
     FOSITE_SECRET_FILE=/home/sajithaj/my-sts-project/go-sts/resources/sign_secret
     ```

4. Install the dependencies:

   ```bash
   go mod download
   ```

5. Run the client server to handle redirects:

   ```bash
   go run ./setup/clientServer/main.go
   ```

   This will start a simple HTTP server on port `3846` to handle the redirect from the authorization server.

6. Run the application:

   ```bash
   go run ./cmd/go-sts/main.go
   ```

   - Open your browser and navigate to `http://localhost:3846`. You can start the Authorization Code flow by clicking the "Authorize" button.
   - You will be redirected to the authorization server, where you can log in and authorize the client application. Use the following credentials:
     - Username: `peter`
     - Password: `secret`
   - After successful authentication, you will be redirected back to the client server with an authorization code.
   - Click on "Get Token" to exchange the authorization code for an access token.
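The redirect and callback in the last step only work safely if the client server binds the callback to the browser session that started it. As an added example, not code from the go-sts repository or its test client, here is that client-side handling in Go using only the standard library: generating `state`, building the authorization request behind the "Authorize" button, and validating the callback before the code is ever exchanged. The authorization endpoint path `/oauth2/auth`, the redirect URI path `/callback` on the port-3846 client server, and the callback query strings are assumptions or constructed values; `my-client` is the client id from the curl command further down the page.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// PendingAuth is what the client server must remember per browser session between sending
// the user to the STS and receiving the callback; it is deleted once the callback is used.
type PendingAuth struct {
	State       string // random value bound to this session, echoed back by the STS
	RedirectURI string // repeated verbatim in the later code exchange
}

// NewState returns 256 bits of CSPRNG output as a URL-safe string.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthorizeURL builds the redirect behind the "Authorize" button: an authorization request
// (RFC 6749 section 4.1.1) carrying the session's state. The STS authorization endpoint path
// is not given on this page, so the caller passes the full endpoint URL in.
func AuthorizeURL(authorizeEndpoint, clientID string, p PendingAuth) (string, error) {
	u, err := url.Parse(authorizeEndpoint)
	if err != nil {
		return "", err
	}
	u.RawQuery = url.Values{
		"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {p.RedirectURI}, "state": {p.State},
	}.Encode()
	return u.String(), nil
}

// ErrStateMismatch means the callback was not produced by a redirect this session started.
var ErrStateMismatch = errors.New("state mismatch: callback is not bound to this session")

// ValidateCallback checks the query string the STS sends back to the redirect URI and returns
// the authorization code that may now be exchanged. Comparing state before looking at the code
// is the client's defence against login CSRF: a callback it did not initiate is dropped.
func ValidateCallback(rawQuery string, p PendingAuth) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	if p.State == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(p.State)) != 1 {
		return "", ErrStateMismatch
	}
	if e := q.Get("error"); e != "" { // the user declined, or the STS rejected the request
		return "", fmt.Errorf("authorization failed: %s: %s", e, q.Get("error_description"))
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carries neither code nor error")
	}
	return code, nil
}

func main() {
	state, err := NewState()
	if err != nil {
		panic(err)
	}
	// Assumed paths, not taken from the project; check internal/routes/oauth_routes.go.
	p := PendingAuth{State: state, RedirectURI: "http://localhost:3846/callback"}
	u, _ := AuthorizeURL("http://localhost:8080/oauth2/auth", "my-client", p)
	fmt.Println("redirect to:", u)
	// Constructed callbacks: the genuine one and one whose state does not match the session.
	code, err := ValidateCallback("code=constructed-code&state="+url.QueryEscape(state), p)
	fmt.Println("genuine callback:", code, err)
	_, err = ValidateCallback("code=constructed-code&state=tampered", p)
	fmt.Println("forged callback:", err)
}
```

The `PendingAuth` record belongs in server-side session storage (or an authenticated cookie) keyed to the browser session and must be removed as soon as `ValidateCallback` succeeds, so each state value is accepted exactly once. A client that skips this check will exchange any code delivered to its redirect URI, whoever the code was issued to.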
Use the following curl command to test the Client Credentials flow:

```bash
curl --location '123e4567-e89b-12d3-a456-426614174000.localhost:8080/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'client_id=my-client' \
  --data-urlencode 'client_secret=foobar'
```
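The curl command sends `client_secret` in the form body. As an added example, not code from the go-sts repository, here is a small Go client built only on the standard library that performs the same Client Credentials request and the authorization-code exchange behind the "Get Token" step above, authenticating with HTTP Basic instead and parsing both the success and the error reply shapes. The `FakeSTS` server, its `/token` path, the `/callback` redirect URI path and every token value are constructed stand-ins; `my-client` and `foobar` are the client id and secret from the curl command.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// TokenResponse is a successful token-endpoint reply (RFC 6749 section 5.1).
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

// TokenError is the error reply (RFC 6749 section 5.2), returned as a typed error.
type TokenError struct {
	Code        string `json:"error"`
	Description string `json:"error_description"`
}

func (e *TokenError) Error() string { return "token endpoint: " + e.Code + ": " + e.Description }

// Client is a confidential OAuth2 client of the STS token endpoint.
type Client struct {
	TokenURL, ClientID, ClientSecret string
	HTTP                             *http.Client
}

// postToken sends one form-encoded token request, authenticating with HTTP Basic
// (RFC 6749 section 2.3.1: id and secret form-url-encoded first) so the secret stays out of the body.
func (c *Client) postToken(ctx context.Context, form url.Values) (*TokenResponse, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.TokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(url.QueryEscape(c.ClientID), url.QueryEscape(c.ClientSecret))
	resp, err := c.HTTP.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // never parse an unbounded body
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		te := &TokenError{}
		if json.Unmarshal(body, te) != nil || te.Code == "" {
			return nil, fmt.Errorf("token endpoint returned HTTP %d", resp.StatusCode)
		}
		return nil, te
	}
	var tr TokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return nil, err
	}
	if tr.AccessToken == "" || !strings.EqualFold(tr.TokenType, "bearer") {
		return nil, fmt.Errorf("malformed token response: %s", body)
	}
	return &tr, nil
}

// ClientCredentials is the machine-to-machine grant from the curl command.
func (c *Client) ClientCredentials(ctx context.Context) (*TokenResponse, error) {
	return c.postToken(ctx, url.Values{"grant_type": {"client_credentials"}})
}

// ExchangeCode is the "Get Token" step; redirect_uri must repeat what the authorization request sent.
func (c *Client) ExchangeCode(ctx context.Context, code, redirectURI string) (*TokenResponse, error) {
	return c.postToken(ctx, url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}})
}

// FakeSTS is a constructed stand-in for the go-sts /token endpoint so this runs offline; it
// checks only the Basic credentials, far less than the Fosite-backed service does.
func FakeSTS(clientID, clientSecret string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		if id, secret, ok := r.BasicAuth(); !ok || id != clientID || secret != clientSecret {
			w.WriteHeader(http.StatusUnauthorized)
			fmt.Fprint(w, `{"error":"invalid_client","error_description":"client authentication failed"}`)
			return
		}
		fmt.Fprint(w, `{"access_token":"constructed-token","token_type":"bearer","expires_in":3600}`)
	}))
}

func main() {
	srv := FakeSTS("my-client", "foobar")
	defer srv.Close()
	c := &Client{TokenURL: srv.URL + "/token", ClientID: "my-client", ClientSecret: "foobar", HTTP: srv.Client()}
	tok, err := c.ClientCredentials(context.Background())
	fmt.Printf("client_credentials: %+v err=%v\n", tok, err)
}
```

Whether go-sts's registered client accepts the Basic form depends on how that client is configured in Fosite (the curl command uses the body form); the Basic form is the one RFC 6749 recommends for confidential clients. The typed `TokenError` lets a caller log `invalid_client` (fix the credentials) separately from `invalid_grant` (restart the flow).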