Skip to content

Latest commit

 

History

History
84 lines (73 loc) · 5.7 KB

README.md

File metadata and controls

84 lines (73 loc) · 5.7 KB

License: MIT Java11 Gradle Build and Test Maven Central Maintainability Rating

IAM service - OAuth2 server

Really simple standalone Identity Access Management (IAM) service, OAuth2 authentication and authorization server. Project is compliant with subset of OpenID-connect and OAuth2 and other related specifications.

  • Please check User's Guide and Examples for more details.
  • Check Docker Hub releases.
    docker run -d -p 8080:8080 jurajveverka/iam-service:2.5.10-RELEASE
    curl 'http://localhost:8080/services/discovery'
    curl 'http://localhost:8080/services/oauth2/iam-admins/iam-admins/.well-known/openid-configuration'
    
  • OpenAPI documentation: http://localhost:8080/swagger-ui/index.html?url=/v3/api-docs#/
  • Deploy into kubernetes cluster.

Modes of deployment

deployments

  1. Unit test deployments, rapid deployments, replicas=1.
  2. Simple use, single JSON file as database, replicas=1.
  3. Single instance deployments, replicas>1.
  4. Cluster deployments, docker or kubernetes, replicas>1.

Features & Mission

  • Provide minimalistic, simple and small OAuth2/OIDC identity server.
  • Self-Contained IAM management - clients, users, credentials, permission and roles.
  • JWTs issued for authenticated clients and user-agents.
  • Back Channels for JWT verification - backend libraries for resource servers.
  • Small memory footprint - iam-service (32Mb JVM heap)
  • Small build size - iam-service (single jar: ~40Mb, docker: ~190Mb)
  • Seamless integrations with spring framework - check examples.
  • In memory or Redis backed caches.
  • Data model stored in memory, single JSON file or MongoDB.

Supported OAuth2 flows

Architecture

architecture

  1. Front channels.
  2. Back channels.
    Architecture details.

Components

  • iam-service - SpringBoot IAM as microservice (standalone authorization and authentication server).
  • iam-client - client library for back channel integrations with other microservices (resource-servers).
  • iam-service-client - client library for remote administration of iam-service (resource-servers).
  • iam-client-spring - easier integrations for springboot microservices.
  • iam-examples - examples how to use and integrate with IAM-service.

REST endpoints

Technical documentation

RFCs and Specifications

  • RFC6749 - OAuth 2.0 Authorization Framework
  • RFC7009 - OAuth 2.0 Token Revocation
  • RFC7662 - OAuth 2.0 Token Introspection
  • RFC6750 - OAuth 2.0 Bearer Token Usage
  • RFC8414 - OAuth 2.0 Authorization Server Metadata
  • RFC7636 - OAuth 2.0 Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  • RFC7519 - JSON Web Token (JWT)
  • RFC7517 - JSON Web Key (JWK)
  • OpenID - OpenID Connect Core 1.0
  • References