Our great sponsors
-
-
oidc
Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
I had to set up a OIDC server so our website could act as OIDC provider, and was really surprised how hard that is to do if you simply need the most basic setup. In fact it would seem that everybody would just keep a Keycloak or whatever— in their cluster and would keep it up-to-date with whatever user schema they would have in their app. This felt like too much work for me (I didn't want to maintain a whole extra service to just be able and provide a couple Oauth scopes from our API back-end.) so instead I went on and implemented the server directly in our app using https://github.com/zitadel/oidc. In fact this was the only fully-functioning OIDC implementation in Go that I could just plug in and make it work. So big props up to the Zitadel guys, the only worry would be from my side that the server implementation could be more generic and could rely on a set of interfaces that the users would be able to implement easily, without having to import a bunch of code from 'examples/server' like we have to do at the moment?
Disclosure: I work for FusionAuth.
Depends on what you are looking for.
If you want a standalone auth server, you can use FusionAuth in docker/docker-compose: https://fusionauth.io/docs/v1/tech/installation-guide/docker
You can also package up a library; most major languages have one or more OAuth/OIDC libraries: https://github.com/doorkeeper-gem/doorkeeper for Ruby, https://spring.io/projects/spring-security for Spring/Java, https://oauth2.thephpleague.com/ for PHP, https://pypi.org/project/oauthlib/ for Python.
https://oauth.net/code/ has a further selection of libraries in a variety of languages.
Disclosure: I work for FusionAuth.
Depends on what you are looking for.
If you want a standalone auth server, you can use FusionAuth in docker/docker-compose: https://fusionauth.io/docs/v1/tech/installation-guide/docker
You can also package up a library; most major languages have one or more OAuth/OIDC libraries: https://github.com/doorkeeper-gem/doorkeeper for Ruby, https://spring.io/projects/spring-security for Spring/Java, https://oauth2.thephpleague.com/ for PHP, https://pypi.org/project/oauthlib/ for Python.
https://oauth.net/code/ has a further selection of libraries in a variety of languages.
We recently finished shipping a SCIM server implementation. It was a big lift (it's quite protean).
If anyone else wants to look at software supporting SCIM, this list seems like a place to start: http://www.simplecloud.info/#Implementations2 It lists both SCIM servers (which can be the source of truth for a set of users and groups) and SCIM clients (which can received CRUD requests from a SCIM server).
(I submitted our company to the list but I think they got caught up in the GitHub/Heroku situation, since changes in the GH repo don't seem to be going live: https://github.com/erdtman/simplecloud.info )
Likely this one: https://github.com/Captain-P-Goldfish/scim-for-keycloak
An wonderful piece of work. Note, however, that the most recent supported Keycloak version is 16.1.x. Whereas Keycloak has recently been reworked (beginning with 17.x) around Quarkus. So the plugin is behind the curve WRT Keycloak.